CVE-2013-1064

2022-10-0316:14:49

CWE-264

canonical

web.nvd.nist.gov

apt-xapian-index

cve-2013-1064

security

d-bus

polkitunixprocess

polkitsubject

access restrictions

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.2

Confidence

Low

EPSS

Percentile

5.1%

JSON

apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

Affected configurations

Nvd

Node

canonicalapt-xapian-indexRange0.45ubuntu1–0.45ubuntu2.1

canonicalapt-xapian-indexMatch0.44ubuntu5.1

canonicalapt-xapian-indexMatch0.44ubuntu7.1

Node

canonicalubuntu_linuxMatch12.04lts

canonicalubuntu_linuxMatch12.10

canonicalubuntu_linuxMatch13.04

VendorProductVersionCPE
canonicalapt-xapian-index0.44ubuntu5.1cpe:/a:canonical:apt-xapian-index:0.44ubuntu5.1:::
canonicalapt-xapian-index0.44ubuntu7.1cpe:/a:canonical:apt-xapian-index:0.44ubuntu7.1:::

Vendor	Product	Version	CPE
canonical	apt-xapian-index	0.44ubuntu5.1	cpe:/a:canonical:apt-xapian-index:0.44ubuntu5.1:::
canonical	apt-xapian-index	0.44ubuntu7.1	cpe:/a:canonical:apt-xapian-index:0.44ubuntu7.1:::