Lucene search
RedhatCVE-2013-4326HistoryOct 03, 2013 - 9:55 p.m.
CVE-2013-4326
2013-10-0321:55:04
CWE-264
redhat
web.nvd.nist.gov
38
2
realtimekit
rtkit
cve-2013-4326
d-bus
polkit
access restriction
race condition
cve-2013-4288
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.3
Confidence
Low
EPSS
0
Percentile
5.1%
RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Affected configurations
Node
lennart_poetteringrkitMatch0.5
Node
redhatenterprise_linuxMatch6.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| lennart_poettering | rkit | 0.5 | cpe:/a:lennart_poettering:rkit:0.5::: |
References
Social References
More
Related
ubuntucve
ubuntucve
veracode
veracode
Authorization Bypass
2019-01-15 08:59:41
Privilege Escalation
2019-01-15 08:59:31
nvd
nvd
cvelist
cvelist
debiancve
debiancve
prion
prion
openvas
openvas
CentOS Update for rtkit CESA-2013:1282 centos6
2013-10-03 00:00:00
Fedora Update for rtkit FEDORA-2013-17583
2013-10-11 00:00:00
CentOS Update for rtkit CESA-2013:1282 centos6
2013-10-03 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: rtkit-0.11-7.fc20
2013-10-12 04:29:04
[SECURITY] Fedora 19 Update: rtkit-0.11-7.fc19
2013-09-26 06:08:21
[SECURITY] Fedora 18 Update: rtkit-0.11-7.fc18
2013-10-10 01:03:46
nessus
nessus
openSUSE Security Update : rtkit (openSUSE-SU-2013:1548-1)
2014-06-13 00:00:00
Ubuntu 12.04 LTS / 12.10 / 13.04 : rtkit vulnerability (USN-1959-1)
2013-09-19 00:00:00
Scientific Linux Security Update : rtkit on SL6.x i386/x86_64 (20130924)
2013-09-25 00:00:00
redhat
redhat
(RHSA-2013:1282) Important: rtkit security update
2013-09-24 00:00:00
(RHSA-2013:1270) Important: polkit security update
2013-09-19 00:00:00
(RHSA-2013:1460) Important: rhev-hypervisor6 security and bug fix update
2013-10-29 00:00:00
oraclelinux
oraclelinux
rtkit security update
2013-09-24 00:00:00
polkit security update
2013-09-19 00:00:00
centos
centos
rtkit security update
2013-09-24 20:31:04
polkit security update
2013-09-20 02:25:01
ubuntu
ubuntu
RealtimeKit vulnerability
2013-09-18 00:00:00
polkit vulnerability
2013-09-18 00:00:00
securityvulns
securityvulns
PolicyKit protection bypass
2013-10-01 00:00:00
[ MDVSA-2013:243 ] polkit
2013-10-01 00:00:00
polkit authorization bypass in multiple application
2013-10-03 00:00:00
mageia
mageia
cve
cve
gentoo
gentoo
polkit, Spice-Gtk, systemd, HPLIP, libvirt: Privilege escalation
2014-06-26 00:00:00
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.3
Confidence
Low
EPSS
0
Percentile
5.1%
Related for CVE-2013-4326