CVE-2013-4325
Published 2013-09-23
CVE-2013-4325: The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a…
Priority P4 · 21 · medium · 6.9 (CVSS 2.0)
AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS: 0.42% (33.6th percentile)
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.
Affected
35 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | hplip | < hplip 3.13.9-1 (bookworm) | hplip 3.13.9-1 (bookworm) |
| hp | linux_imaging_and_printing_project | — | — |
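CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| osv | — | 6.9 | MEDIUM | — |
| vendor_debian | — | 6.9 | MEDIUM | — |
| vendor_redhat | — | 6.9 | MEDIUM | — |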
Ubuntu
HPLIP vulnerability
vendor_ubuntu·2013-09-18
CVE-2013-4325 HPLIP vulnerability
Title: HPLIP vulnerability
Summary: HPLIP could be tricked into bypassing polkit authorizations.
It was discovered that HPLIP was using polkit in an unsafe manner. A local
attacker could possibly use this issue to bypass intended polkit
authorizations.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Red Hat
hplip: Insecure calling of polkit
vendor_redhat·2013-09-18·CVSS 6.9
CVE-2013-4325 [MEDIUM] hplip: Insecure calling of polkit
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.
Package: hplip (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2013-4325: hplip - The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printin...
vendor_debian·2013·CVSS 6.9
CVE-2013-4325 [MEDIUM] CVE-2013-4325: hplip - The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printin...
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.
Scope: local
bookworm: resolved (fixed in 3.13.9-1)
bullseye: resolved (fixed in 3.13.9-1)
sid: resolved (fixed in 3.13.9-1)
trixie: resolved (fixed in 3.13.9-1)
GHSA
GHSA-7hxg-9wxx-g3mp: The check_permission_v1 function in base/pkit
ghsa_unreviewed·2022-05-17
CVE-2013-4325 [MEDIUM] GHSA-7hxg-9wxx-g3mp: The check_permission_v1 function in base/pkit
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.
OSV
CVE-2013-4325: The check_permission_v1 function in base/pkit
osv·2013-09-23·CVSS 6.9
CVE-2013-4325 [MEDIUM] CVE-2013-4325: The check_permission_v1 function in base/pkit
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2013-4325 hplip: Insecure calling of polkit [fedora-all]
bugzilla·2013-09-18·CVSS 6.9
CVE-2013-4325 [MEDIUM] CVE-2013-4325 hplip: Insecure calling of polkit [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects multiple sup
Bugzilla
CVE-2013-4325 hplip: Insecure calling of polkit
bugzilla·2013-09-11·CVSS 7.2
CVE-2013-4325 [HIGH] CVE-2013-4325 hplip: Insecure calling of polkit
Sebastian Krahmer reported a security issue was found in polkit (CVE-2013-4288 bz 1002375).
It was found that hplip was vulnerable to this issue as well, since it communicated to polkit authority using an unsafe DBUS interface.
This issue has been assigned CVE-2013-4325
Discussion:
Created attachment 796256
hplip patch
---
This is now public:
http://www.openwall.com/lists/oss-security/2013/09/18/4
---
Created hplip tracking bugs for this issue:
Affects: fedora-all [bug 1009541]
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 6
Via RHSA-2013:1274 https://rhn.redhat.com/errata/RHSA-2013-1274.html
---
hplip-3.13.9-2.fc19 has been pushed to the Fedora 19 stable repository. If problems still persi
Bugzilla
CVE-2013-4288 polkit: unix-process subject for authorization is racy
bugzilla·2013-08-29·CVSS 7.2
CVE-2013-4288 [HIGH] CVE-2013-4288 polkit: unix-process subject for authorization is racy
Sebastian Krahmer reported a race condition in the polkit unix-process subject for authorization. It depended on the (PID, startup_time) pair to be passed to polkit, which then used /proc/PID/status to find the UID the process belongs to. A local attacker could exploit this issue via a polkit enabled application, by starting a suid or pkexec process, changing the euid and/or uid at will. This could result in bypassing polkit authorizations or even privilege escalation in some cases.
Discussion:
Created attachment 795472
polkit patch
---
Created attachment 795473
spice-gtk patch
Instead of using polkit_unix_process_new() which can be racy, spice-gtk is modified to use polkit_unix_process_new_for_owner()
---
Created att
http://lists.opensuse.org/opensuse-updates/2013-10/msg00062.html
http://lists.opensuse.org/opensuse-updates/2013-11/msg00000.html
http://rhn.redhat.com/errata/RHSA-2013-1274.html
http://www.debian.org/security/2013/dsa-2829
http://www.ubuntu.com/usn/USN-1956-1
https://bugzilla.redhat.com/show_bug.cgi?id=1002375
https://bugzilla.redhat.com/show_bug.cgi?id=1006674
Published: 2013-09-23