PT-2013-1262 · Red Hat · Libvirt
Sebastian Krahmer · Published 2013-09-19 · Updated 2024-06-15 · CVE-2013-4311
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
hplip versions prior to 3.14.1
libvirt versions 1.0.5.x through 1.0.5.5
libvirt versions 0.10.2.x through 0.10.2.7
libvirt versions 0.9.12.x through 0.9.12.1
Description
The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited locally. For libvirt, the vulnerability allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a setuid process or pkexec process.
Recommendations
For hplip versions prior to 3.14.1, update to version 3.14.1 or later.
For libvirt versions 1.0.5.x through 1.0.5.5, update to version 1.0.5.6 or later.
For libvirt versions 0.10.2.x through 0.10.2.7, update to version 0.10.2.8 or later.
For libvirt versions 0.9.12.x through 0.9.12.1, update to version 0.9.12.2 or later.
Fix
Race Condition
Related Identifiers
Affected Products
Centos
Red Hat
Suse
Hplip
Libvirt