cbcvebase.
CVE-2013-1064
published 2013-10-03

CVE-2013-1064: apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows…

PriorityP415medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EPSS
0.38%
29.7th percentile
apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

Affected

10 ranges
VendorProductVersion rangeFixed in
canonicalapt-xapian-index
canonicalapt-xapian-index
canonicalapt-xapian-index>= 0 < 0.470.47
canonicalapt-xapian-index>= 0 < 0.470.47
canonicalapt-xapian-index>= 0 < 0.470.47
canonicalapt-xapian-index>= 0.45ubuntu1 < 0.45ubuntu2.10.45ubuntu2.1
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debianapt-xapian-index< apt-xapian-index 0.47 (bookworm)apt-xapian-index 0.47 (bookworm)

CVSS provenance

nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv4.6MEDIUM
vendor_debian4.6LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.