PT-2013-1262 · Red Hat+3 · Libvirt+4
Sebastian Krahmer
·
Publicado
2013-09-19
·
Atualizado
2024-06-15
·
CVE-2013-4311
CVSS v2.0
7.2
Alta
| Vetor | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
hplip versions prior to 3.14.1
libvirt versions 1.0.5.x through 1.0.5.5
libvirt versions 0.10.2.x through 0.10.2.7
libvirt versions 0.9.12.x through 0.9.12.1
Description
The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited locally. For libvirt, the vulnerability allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a setuid process or pkexec process.
Recommendations
For hplip versions prior to 3.14.1, update to version 3.14.1 or later.
For libvirt versions 1.0.5.x through 1.0.5.5, update to version 1.0.5.6 or later.
For libvirt versions 0.10.2.x through 0.10.2.7, update to version 0.10.2.8 or later.
For libvirt versions 0.9.12.x through 0.9.12.1, update to version 0.9.12.2 or later.
Correção
Race Condition
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Centos
Red Hat
Suse
Hplip
Libvirt