EUVD-2013-4204

Malware in sbrugna...

SUSE CVE-2013-4311

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a 1 setuid process or 2 pkexec process, a related issue to CVE-2013-4288...

MGASA-2013-0293 Updated polkit package and the packages that call polkit fixes security vulnerability

A race condition was found in the way the PolicyKit pkcheck utility checked process authorization when the process was specified by its process ID via the --process option. A local user could use this flaw to bypass intended PolicyKit authorizations and escalate their privileges CVE-2013-4288...

Updated polkit package and the packages that call polkit fixes security vulnerability

A race condition was found in the way the PolicyKit pkcheck utility checked process authorization when the process was specified by its process ID via the --process option. A local user could use this flaw to bypass intended PolicyKit authorizations and escalate their privileges CVE-2013-4288...

DEBIAN-CVE-2013-4311

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a 1 setuid process or 2 pkexec process, a related issue to CVE-2013-4288...

CVE-2013-4311

CVE-2013-4311 stems from a PolkitUnixProcess race in pkcheck that can bypass access controls via a (setuid) process or pkexec, enabling local privilege bypass. Affected are libvirt components across multiple branches: libvirt 1.0.5.x (before 1.0.5.6), 0.10.2.x (before 0.10.2.8), and 0.9.12.x (bef...

CVE-2013-4311

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a 1 setuid process or 2 pkexec process, a related issue to CVE-2013-4288...

PolicyKit protection bypass

pkcheck race conditions...

Mandriva Linux Security Advisory : polkit (MDVSA-2013:243)

Updated polkit packages fix security vulnerability : A race condition was found in the way the PolicyKit pkcheck utility checked process authorization when the process was specified by its process ID via the --process option. A local user could use this flaw to bypass intended PolicyKit...

Ubuntu: Security Advisory (USN-1954-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RedHat Update for polkit RHSA-2013:1270-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 20 : polkit-0.112-1.fc20 (2013-17160)

This release fixes CVE-2013-4288: Race condition with process subjects that do not have securely determined uid. pkcheck1 now supports a new format for the --process argument; all applications need to use the new format to avoid a race condition or use --system-bus-name to identify the process...

Fedora 18 : polkit-0.107-6.fc18 (2013-17197)

This release fixes CVE-2013-4288: Race condition with process subjects that do not have securely determined uid. pkcheck1 now supports a new format for the --process argument; all applications need to use the new format to avoid a race condition or use --system-bus-name to identify the process...

Fedora 19 : polkit-0.112-1.fc19 (2013-17191)

This release fixes CVE-2013-4288: Race condition with process subjects that do not have securely determined uid. pkcheck1 now supports a new format for the --process argument; all applications need to use the new format to avoid a race condition or use --system-bus-name to identify the process...

RHEL 6 : polkit (RHSA-2013:1270)

Updated polkit packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Important: Red Hat Security Advisory: polkit security update

Updated polkit packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.04 : libvirt vulnerabilities (USN-1954-1)

It was discovered that libvirt used the pkcheck tool in an unsafe manner. A local attacker could possibly use this flaw to bypass polkit authentication. In Ubuntu, libvirt polkit authentication is not enabled by default. CVE-2013-4311 It was discovered that libvirt incorrectly handled certain...