CVE-2013-1066
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
5.1%
language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ubuntu_developers | language-selector | 0.79 | cpe:2.3:a:ubuntu_developers:language-selector:0.79:*:*:*:*:*:*:* |
| ubuntu_developers | language-selector | 0.79.1 | cpe:2.3:a:ubuntu_developers:language-selector:0.79.1:*:*:*:*:*:*:* |
| ubuntu_developers | language-selector | 0.79.2 | cpe:2.3:a:ubuntu_developers:language-selector:0.79.2:*:*:*:*:*:*:* |
| ubuntu_developers | language-selector | 0.79.3 | cpe:2.3:a:ubuntu_developers:language-selector:0.79.3:*:*:*:*:*:*:* |
| ubuntu_developers | language-selector | 0.90 | cpe:2.3:a:ubuntu_developers:language-selector:0.90:*:*:*:*:*:*:* |
| ubuntu_developers | language-selector | 0.110 | cpe:2.3:a:ubuntu_developers:language-selector:0.110:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 12.04 | cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:* |
| canonical | ubuntu_linux | 12.10 | cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 13.04 | cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
5.1%