CVE-2013-1064

apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:canonical:apt-xapian-index:*:*:*:*:*:*:*:*
cpe:2.3:a:canonical:apt-xapian-index:0.44ubuntu5.1:*:*:*:*:*:*:*
cpe:2.3:a:canonical:apt-xapian-index:0.44ubuntu7.1:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*

History

21 Nov 2024, 01:48

Type Values Removed Values Added
References () http://secunia.com/advisories/54914 - Vendor Advisory () http://secunia.com/advisories/54914 - Vendor Advisory
References () http://www.ubuntu.com/usn/USN-1955-1 - Vendor Advisory () http://www.ubuntu.com/usn/USN-1955-1 - Vendor Advisory
References () https://launchpad.net/ubuntu/+source/apt-xapian-index/0.44ubuntu5.1 - Patch () https://launchpad.net/ubuntu/+source/apt-xapian-index/0.44ubuntu5.1 - Patch
References () https://launchpad.net/ubuntu/+source/apt-xapian-index/0.44ubuntu7.1 - Patch () https://launchpad.net/ubuntu/+source/apt-xapian-index/0.44ubuntu7.1 - Patch
References () https://launchpad.net/ubuntu/+source/apt-xapian-index/0.45ubuntu2.1 - Patch () https://launchpad.net/ubuntu/+source/apt-xapian-index/0.45ubuntu2.1 - Patch

Information

Published : 2013-10-03 21:55

Updated : 2024-11-21 01:48


NVD link : CVE-2013-1064

Mitre link : CVE-2013-1064

CVE.ORG link : CVE-2013-1064


JSON object : View

Products Affected

canonical

  • ubuntu_linux
  • apt-xapian-index
CWE
CWE-264

Permissions, Privileges, and Access Controls