Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2013-1274

Опубликовано: 19 сент. 2013
Источник: oracle-oval
Платформа: Oracle Linux 6

Описание

ELSA-2013-1274: hplip security update (IMPORTANT)

[3.12.4-4:.1]

  • Applied patch to avoid unix-process authorization subject when using polkit as it is racy (CVE-2013-4325).

Обновленные пакеты

Oracle Linux 6

Oracle Linux x86_64

hpijs

3.12.4-4.el6_4.1

hplip

3.12.4-4.el6_4.1

hplip-common

3.12.4-4.el6_4.1

hplip-gui

3.12.4-4.el6_4.1

hplip-libs

3.12.4-4.el6_4.1

libsane-hpaio

3.12.4-4.el6_4.1

Oracle Linux i686

hpijs

3.12.4-4.el6_4.1

hplip

3.12.4-4.el6_4.1

hplip-common

3.12.4-4.el6_4.1

hplip-gui

3.12.4-4.el6_4.1

hplip-libs

3.12.4-4.el6_4.1

libsane-hpaio

3.12.4-4.el6_4.1

Связанные CVE

CVE-2013-4325

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2013-4325

ubuntu
почти 12 лет назад

The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.

redhat логотип

CVE-2013-4325

redhat
почти 12 лет назад

The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.

nvd логотип

CVE-2013-4325

nvd
почти 12 лет назад

The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.

debian логотип

CVE-2013-4325

debian
почти 12 лет назад

The check_permission_v1 function in base/pkit.py in HP Linux Imaging a ...

github логотип

GHSA-7hxg-9wxx-g3mp

github
больше 3 лет назад

The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.