5 matches found
CVE-2013-1065
backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a 1 setuid process or 2 pkexec process, a related...
CVE-2013-1065
backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a 1 setuid process or 2 pkexec process, a related...
CVE-2013-1065
CVE-2013-1065 : backend.py in Jockey prior to 0.9.7-0ubuntu7.11 does not properly use D-Bus for polkit communication, enabling local bypass of access restrictions via a PolkitUnixProcess PolkitSubject race (noted as related to CVE-2013-4288). Impact is a local privilege bypass with by-passing pol...
Ubuntu 12.04 LTS : jockey vulnerability (USN-1957-1)
It was discovered that Jockey was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has...
CVE-2013-1065
backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a 1 setuid process or 2 pkexec process, a related...