Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-1064HistoryOct 03, 2022 - 4:14 p.m.
CVE-2013-1064
2022-10-0316:14:49
Debian Security Bug Tracker
security-tracker.debian.org
13
apt-xapian-index
communication vulnerability
d-bus
polkitunixprocess
polkitsubject
race condition
cve-2013-1064
cve-2013-4288
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
0
Percentile
5.1%
apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | apt-xapian-index | < 0.47 | apt-xapian-index_0.47_all.deb |
| Debian | 11 | all | apt-xapian-index | < 0.47 | apt-xapian-index_0.47_all.deb |
| Debian | 999 | all | apt-xapian-index | < 0.47 | apt-xapian-index_0.47_all.deb |
| Debian | 13 | all | apt-xapian-index | < 0.47 | apt-xapian-index_0.47_all.deb |
Related
nvd
nvd
ubuntucve
ubuntucve
cve
cve
cvelist
cvelist
prion
prion
nessus
nessus
Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : policykit-1 vulnerability (USN-1953-1)
2013-09-19 00:00:00
Fedora 18 : polkit-0.107-6.fc18 (2013-17197)
2013-09-22 00:00:00
Fedora 20 : polkit-0.112-1.fc20 (2013-17160)
2013-09-23 00:00:00
openvas
openvas
CentOS Update for polkit CESA-2013:1270 centos6
2013-09-24 00:00:00
RedHat Update for polkit RHSA-2013:1270-01
2013-09-24 00:00:00
Fedora Update for polkit FEDORA-2013-17197
2013-09-24 00:00:00
centos
centos
polkit security update
2013-09-20 02:25:01
debiancve
debiancve
veracode
veracode
Privilege Escalation
2019-01-15 08:59:31
Authorization Bypass
2019-01-15 08:59:41
redhat
redhat
(RHSA-2013:1270) Important: polkit security update
2013-09-19 00:00:00
(RHSA-2013:1460) Important: rhev-hypervisor6 security and bug fix update
2013-10-29 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: polkit-0.107-6.fc18
2013-09-22 04:28:15
[SECURITY] Fedora 19 Update: polkit-0.112-1.fc19
2013-09-20 16:22:44
[SECURITY] Fedora 20 Update: polkit-0.112-1.fc20
2013-09-23 00:12:34
ubuntu
ubuntu
polkit vulnerability
2013-09-18 00:00:00
apt-xapian-index vulnerability
2013-09-18 00:00:00
oraclelinux
oraclelinux
polkit security update
2013-09-19 00:00:00
securityvulns
securityvulns
PolicyKit protection bypass
2013-10-01 00:00:00
[ MDVSA-2013:243 ] polkit
2013-10-01 00:00:00
polkit authorization bypass in multiple application
2013-10-03 00:00:00
gentoo
gentoo
polkit, Spice-Gtk, systemd, HPLIP, libvirt: Privilege escalation
2014-06-26 00:00:00
mageia
mageia
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
0
Percentile
5.1%
Related for DEBIANCVE:CVE-2013-1064