Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-7572

Опубликовано: 06 апр. 2017
Источник: ubuntu
Приоритет: low
CVSS2: 9.3
CVSS3: 8.1

Описание

The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc//status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester.

РелизСтатусПримечание
artful

ignored

end of life
bionic

not-affected

1.1.12-2
cosmic

not-affected

1.1.12-2
devel

not-affected

1.1.12-2
disco

not-affected

1.1.12-2
esm-apps/bionic

not-affected

1.1.12-2
esm-apps/xenial

released

1.1.2-2~build0.16.04.1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was needed]
precise

ignored

end of life
precise/esm

DNE

precise was needed

Показывать по

Ссылки на источники

9.3 Critical

CVSS2

8.1 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2017-7572

CVSS3: 8.1
nvd
почти 9 лет назад

The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester.

debian логотип

CVE-2017-7572

CVSS3: 8.1
debian
почти 9 лет назад

The _checkPolkitPrivilege function in serviceHelper.py in Back In Time ...

suse-cvrf логотип

openSUSE-SU-2017:1124-1

suse-cvrf
почти 9 лет назад

Security update for backintime

github логотип

GHSA-gq8h-7hr7-25cg

CVSS3: 8.1
github
больше 3 лет назад

The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester.

9.3 Critical

CVSS2

8.1 High

CVSS3