CVE-2013-4288 — Race Condition in Project Polkit
Severity
7.2 HIGH (NVD)
EPSS
0.0%
top 86.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 3
Latest update: May 13
Description
Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.
CVSS vector
AV:L/AC:L/C:C/I:C/A:C
Exploitability: 3.9 | Impact: 10.0
Affected Packages: 2 packages
Also affects: Ubuntu Linux 10.04, 12.04, 12.10, 13.04, Enterprise Linux 6.0
Patches
Vulnerability Details (3)
GHSA
GHSA-6wv7-fpg8-f44q: Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkex (2022-05-13)
CVEList
CVE-2013-4288: Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkex (2013-10-03)
OSV
CVE-2013-4288: Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkex (2013-10-03)
Vendor Advisories (8)
Community (8)
Bugzilla