libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libvirt | Redhat | 0.9.12 (including) | 0.9.12 (including) |
Libvirt | Redhat | 0.10.2 (including) | 0.10.2 (including) |
Libvirt | Redhat | 0.10.2.1 (including) | 0.10.2.1 (including) |
Libvirt | Redhat | 0.10.2.2 (including) | 0.10.2.2 (including) |
Libvirt | Redhat | 0.10.2.3 (including) | 0.10.2.3 (including) |
Libvirt | Redhat | 0.10.2.4 (including) | 0.10.2.4 (including) |
Libvirt | Redhat | 0.10.2.5 (including) | 0.10.2.5 (including) |
Libvirt | Redhat | 0.10.2.6 (including) | 0.10.2.6 (including) |
Libvirt | Redhat | 0.10.2.7 (including) | 0.10.2.7 (including) |
Libvirt | Redhat | 1.0.5 (including) | 1.0.5 (including) |
Libvirt | Redhat | 1.0.5.1 (including) | 1.0.5.1 (including) |
Libvirt | Redhat | 1.0.5.2 (including) | 1.0.5.2 (including) |
Libvirt | Redhat | 1.0.5.3 (including) | 1.0.5.3 (including) |
Libvirt | Redhat | 1.0.5.4 (including) | 1.0.5.4 (including) |
Libvirt | Redhat | 1.0.5.5 (including) | 1.0.5.5 (including) |
Libvirt | Ubuntu | devel | * |
Libvirt | Ubuntu | lucid | * |
Libvirt | Ubuntu | precise | * |
Libvirt | Ubuntu | quantal | * |
Libvirt | Ubuntu | raring | * |
Red Hat Enterprise Linux 6 | RedHat | libvirt-0:0.10.2-18.el6_4.14 | * |