Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2013-4311

Опубликовано: 03 окт. 2013
Источник: debian
EPSS Низкий

Описание

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libvirtfixed1.1.3~rc1-1package

Примечания

  • polkit support not activated in Debian build prior to 1.2.9.

  • sourcewise support for 3-arg pkcheck syntax in libvirt is included

  • since 0.9.12.3-1 in wheezy-security (and 1.1.3~rc1-1 in unstable). But we need

  • to wait for the pu in #726558 for policykit-1/0.105-3+deb7u1 and have a rebuild

  • of libvirt then.

  • Needs a build dependency on libpolkit-gobject-1-dev

EPSS

Процентиль: 5%
0.00024
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2013-4311

ubuntu
почти 12 лет назад

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

redhat логотип

CVE-2013-4311

redhat
почти 12 лет назад

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

nvd логотип

CVE-2013-4311

nvd
почти 12 лет назад

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

github логотип

GHSA-pr6p-rw96-x62r

github
больше 3 лет назад

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

oracle-oval логотип

ELSA-2013-1272

oracle-oval
почти 12 лет назад

ELSA-2013-1272: libvirt security and bug fix update (IMPORTANT)

EPSS

Процентиль: 5%
0.00024
Низкий