CVE-2013-4288
published 2013-10-03

Priority: P431 · high · 7.2 · CVSS 2.0
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS: 0.34% (26.1th percentile)
Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.

Affected

126 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | apt-xapian-index | | |
| canonical | apt-xapian-index | | |
| canonical | apt-xapian-index | >= 0 < 0.47 | 0.47 |
| canonical | apt-xapian-index | >= 0 < 0.47 | 0.47 |
| canonical | apt-xapian-index | >= 0 < 0.47 | 0.47 |
| canonical | apt-xapian-index | >= 0.45ubuntu1 < 0.45ubuntu2.1 | 0.45ubuntu2.1 |
| canonical | software-properties | >= 0 < 0.92.18 | 0.92.18 |
| canonical | software-properties | >= 0 < 0.92.18 | 0.92.18 |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| canonical | ubuntu_linux | | |
| debian | apt-xapian-index | < apt-xapian-index 0.47 (bookworm) | apt-xapian-index 0.47 (bookworm) |
| debian | debian_linux | | |
| debian | libvirt | < libvirt 1.1.3~rc1-1 (bookworm) | libvirt 1.1.3~rc1-1 (bookworm) |
| debian | policykit-1 | < policykit-1 0.105-3+nmu1 (bookworm) | policykit-1 0.105-3+nmu1 (bookworm) |
| debian | rtkit | < rtkit 0.10-3 (bookworm) | rtkit 0.10-3 (bookworm) |
| debian | software-properties | < software-properties 0.92.18 (bookworm) | software-properties 0.92.18 (bookworm) |
| debian | spice-gtk | < spice-gtk 0.21-0nocelt1 (bookworm) | spice-gtk 0.21-0nocelt1 (bookworm) |
| debian | systemd | < systemd 204-5 (bookworm) | systemd 204-5 (bookworm) |
| evan_dandrea | usb-creator | | |
| evan_dandrea | usb-creator | | |
| evan_dandrea | usb-creator | | |

CVSS provenance

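| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 7.2 | HIGH | |
| vendor_debian | | 7.2 | LOW | |
| vendor_redhat | | 7.2 | HIGH | |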