Описание
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 3.13.9-0ubuntu2 |
| lucid | released | 3.10.2-2ubuntu2.3 |
| precise | released | 3.12.2-1ubuntu3.2 |
| quantal | released | 3.12.6-3ubuntu4.1 |
| raring | released | 3.13.3-1ubuntu0.1 |
| upstream | needs-triage |
Показывать по
EPSS
6.9 Medium
CVSS2
Связанные уязвимости
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.
The check_permission_v1 function in base/pkit.py in HP Linux Imaging a ...
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.
EPSS
6.9 Medium
CVSS2