PT-2013-2854 · Canonical · Language-Selector

Publicado

2013-10-03

Atualizado

2017-08-29

CVE-2013-1066

CVSS v2.0

4.6

Média

Vetor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions language-selector versions 0.79.x through 0.79.3 language-selector versions 0.90.x through 0.90.0 language-selector versions 0.110.x through 0.110.0

Description The issue allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a setuid process or pkexec process. This occurs because the software does not properly use D-Bus for communication with a polkit authority.

Recommendations For versions 0.79.x through 0.79.3, update to version 0.79.4 or later. For versions 0.90.x through 0.90.0, update to version 0.90.1 or later. For versions 0.110.x through 0.110.0, update to version 0.110.1 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2013-1066

Produtos afetados

Language-Selector

PT-2013-2854 · Canonical · Language-Selector

CVE-2013-1066

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7