Lucene search
GoogleOSV:CVE-2017-7572HistoryApr 06, 2017 - 6:59 p.m.
CVE-2017-7572
2017-04-0618:59:00
Google
osv.dev
2
The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester.
| CPE | Name | Operator | Version |
|---|---|---|---|
| backintime | eq | 0.8.16 | |
| backintime | eq | 1.0.30 | |
| backintime | eq | 1.1.4 | |
| backintime | eq | 1.1.6 | |
| backintime | eq | 1.0.12 | |
| backintime | eq | 1.1.10 | |
| backintime | eq | 1.0.24 | |
| backintime | eq | 0.8.8 | |
| backintime | eq | 1.0.0 | |
| backintime | eq | 0.8.12 |
Related
nessus
nessus
Fedora 26 : backintime (2017-36eb9502b0)
2017-07-17 00:00:00
Fedora 24 : backintime (2017-7c9a9b2b36)
2017-04-24 00:00:00
Fedora 25 : backintime (2017-8dce7a3940)
2017-04-24 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: backintime-1.1.20-1.fc25
2017-04-22 09:24:23
[SECURITY] Fedora 24 Update: backintime-1.1.20-1.fc24
2017-04-22 08:20:47
[SECURITY] Fedora 26 Update: backintime-1.1.20-1.fc26
2017-04-17 15:55:55
ubuntucve
ubuntucve
CVE-2017-7572
2017-04-06 00:00:00
openvas
openvas
Fedora Update for backintime FEDORA-2017-7c9a9b2b36
2017-04-23 00:00:00
Fedora Update for backintime FEDORA-2017-8dce7a3940
2017-04-23 00:00:00
cvelist
cvelist
CVE-2017-7572
2022-10-03 16:23:01
cve
cve
CVE-2017-7572
2022-10-03 16:23:01
nvd
nvd
CVE-2017-7572
2017-04-06 18:59:00
debiancve
debiancve
CVE-2017-7572
2022-10-03 16:23:01
prion
prion
Race condition
2017-04-06 18:59:00