CVE-2013-4327
published 2013-10-03CVE-2013-4327: systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a…
medium6.9CVSS 3.1
AVLACMAuNCCICAC
systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | systemd | < systemd 204-5 (bookworm) | systemd 204-5 (bookworm) |
| systemd_project | systemd | <= 207 | — |
| systemd_project | systemd | >= 0 < 204-5 | 204-5 |
| systemd_project | systemd | >= 0 < 204-5 | 204-5 |
| systemd_project | systemd | >= 0 < 204-5 | 204-5 |
| systemd_project | systemd | >= 0 < 204-5 | 204-5 |
CVSS provenance
nvd6.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
osv7.2HIGH