[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2013-4311Date: (C)2013-10-09   (M)2023-12-22


libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.6
Exploit Score: 3.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
RHSA-2013:1272
RHSA-2013:1460
USN-1954-1
http://www.openwall.com/lists/oss-security/2013/09/18/6
http://wiki.libvirt.org/page/Maintenance_Releases
openSUSE-SU-2013:1549
openSUSE-SU-2013:1550

CPE    19
cpe:/a:redhat:libvirt:1.0.5
cpe:/o:canonical:ubuntu_linux:12.04:-:lts
cpe:/o:canonical:ubuntu_linux:13.04
cpe:/o:canonical:ubuntu_linux:12.10
...
CWE    1
CWE-264
OVAL    7
oval:org.secpod.oval:def:701411
oval:org.secpod.oval:def:105894
oval:org.secpod.oval:def:1500249
oval:org.secpod.oval:def:202942
...

© SecPod Technologies