CVE Vulnerabilities

CVE-2013-1064

Published: Oct 03, 2013 | Modified: Jul 18, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

Affected Software

Name Vendor Start Version End Version
Apt-xapian-index Canonical 0.44ubuntu5.1 0.44ubuntu5.1
Apt-xapian-index Canonical 0.44ubuntu7.1 0.44ubuntu7.1
Apt-xapian-index Canonical 0.45ubuntu1 *

References