CVE Vulnerabilities

CVE-2013-1063

Published: Oct 03, 2013 | Modified: Oct 04, 2013
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

Affected Software

Name Vendor Start Version End Version
Ubuntu_linux Canonical 12.04 12.04
Ubuntu_linux Canonical 12.10 12.10
Ubuntu_linux Canonical 13.10 13.10
Usb-creator Ubuntu devel *
Usb-creator Ubuntu lucid *
Usb-creator Ubuntu precise *
Usb-creator Ubuntu quantal *
Usb-creator Ubuntu raring *

References