CVE-2013-4326

Name of the Vulnerable Software and Affected Versions RealtimeKit (aka rtkit) version 0.5

Description The issue allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a setuid process or pkexec process. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be performed locally.

Recommendations For RealtimeKit (aka rtkit) version 0.5, as a temporary workaround, consider restricting access to the D-Bus communication with a polkit authority until a patch is available. Additionally, restrict the use of setuid processes and pkexec processes to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.