Lucene search
HistoryOct 03, 2013 - 9:55 p.m.
CVE-2013-4327
cve-2013-4327
systemd
d-bus
polkit
access restrictions
race condition
cve-2013-4288
CVSS2
6.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.2
Confidence
Low
EPSS
0
Percentile
5.1%
systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Affected configurations
Node
systemd_projectsystemdRange≤207
Node
debiandebian_linuxMatch7.0
Node
canonicalubuntu_linuxMatch13.04
| Vendor | Product | Version | CPE |
|---|---|---|---|
| systemd_project | systemd | cpe:/a:systemd_project:systemd:::: |
Related
cvelist
cvelist
prion
prion
nvd
nvd
ubuntucve
ubuntucve
debiancve
debiancve
openvas
openvas
Fedora Update for systemd FEDORA-2013-17203
2013-09-24 00:00:00
Fedora Update for systemd FEDORA-2013-17203
2013-09-24 00:00:00
Fedora Update for systemd FEDORA-2013-17119
2013-09-24 00:00:00
nessus
nessus
Fedora 18 : systemd-201-2.fc18.8 (2013-17203)
2013-09-23 00:00:00
Fedora 20 : systemd-207-4.fc20 (2013-17176)
2013-09-23 00:00:00
Ubuntu 13.04 : systemd vulnerability (USN-1961-1)
2013-09-19 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: systemd-207-4.fc20
2013-09-23 00:21:01
[SECURITY] Fedora 18 Update: systemd-201-2.fc18.8
2013-09-23 00:02:39
[SECURITY] Fedora 19 Update: systemd-204-15.fc19
2013-09-21 08:38:23
ubuntu
ubuntu
systemd vulnerability
2013-09-18 00:00:00
polkit vulnerability
2013-09-18 00:00:00
securityvulns
securityvulns
PolicyKit protection bypass
2013-10-01 00:00:00
[ MDVSA-2013:243 ] polkit
2013-10-01 00:00:00
systemd security vulnerabilities
2013-10-12 00:00:00
gentoo
gentoo
polkit, Spice-Gtk, systemd, HPLIP, libvirt: Privilege escalation
2014-06-26 00:00:00
mageia
mageia
debian
debian
[SECURITY] [DSA 2777-1] systemd security update
2013-10-11 14:33:53
centos
centos
polkit security update
2013-09-20 02:25:01
cve
cve
veracode
veracode
Privilege Escalation
2019-01-15 08:59:31
Authorization Bypass
2019-01-15 08:59:41
redhat
redhat
(RHSA-2013:1270) Important: polkit security update
2013-09-19 00:00:00
(RHSA-2013:1460) Important: rhev-hypervisor6 security and bug fix update
2013-10-29 00:00:00
oraclelinux
oraclelinux
polkit security update
2013-09-19 00:00:00
CVSS2
6.9
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
AI Score
6.2
Confidence
Low
EPSS
0
Percentile
5.1%
Related for CVE-2013-4327