Search...

apt-xapian-index vulnerability

2013-09-18T00:00:00

ID USN-1955-1
Type ubuntu
Reporter Ubuntu
Modified 2013-09-18T00:00:00

Description

It was discovered that apt-xapian-index was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.

JSON Vulners Source

Initial Source

{"id": "USN-1955-1", "bulletinFamily": "unix", "title": "apt-xapian-index vulnerability", "description": "It was discovered that apt-xapian-index was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.", "published": "2013-09-18T00:00:00", "modified": "2013-09-18T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/1955-1/", "reporter": "Ubuntu", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2013-1064"], "cvelist": ["CVE-2013-1064"], "type": "ubuntu", "lastseen": "2018-03-29T18:17:32", "history": [], "edition": 1, "hashmap": [{"key": "affectedPackage", "hash": "566213f58e4ce34029b9e3f8085d08df"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "2f4453e05ed0f824829989a7378c2885"}, {"key": "cvss", "hash": "292f2e293571b0e70e3182b615982dad"}, {"key": "description", "hash": "7858cecd82fdd29f937120b8d2e57174"}, {"key": "href", "hash": "080bfc1e4b815c3b721199284087eeea"}, {"key": "modified", "hash": "94c4a7e4814542b0a23cdcf7b13a6b1c"}, {"key": "published", "hash": "94c4a7e4814542b0a23cdcf7b13a6b1c"}, {"key": "references", "hash": "2aa71ad29f7a63c8610f7fcfa778eeff"}, {"key": "reporter", "hash": "3d945423f8e9496c429a5d8c65b4604f"}, {"key": "title", "hash": "7f2399afc2688290dcb4db03237e1105"}, {"key": "type", "hash": "1d41c853af58d3a7ae54990ce29417d8"}], "hash": "cbf2fff688ddc561f2d3b4c729c07aeae0c12e3fd74853f1c9b1b58c6a482194", "viewCount": 0, "enchantments": {"vulnersScore": 3.5}, "objectVersion": "1.3", "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "12.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "apt-xapian-index", "packageVersion": "0.44ubuntu5.1"}, {"OS": "Ubuntu", "OSVersion": "12.10", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "apt-xapian-index", "packageVersion": "0.44ubuntu7.1"}, {"OS": "Ubuntu", "OSVersion": "13.04", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "apt-xapian-index", "packageVersion": "0.45ubuntu2.1"}]}

{"result": {"cve": [{"id": "CVE-2013-1064", "type": "cve", "title": "CVE-2013-1064", "description": "apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.", "published": "2013-10-03T17:55:03", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1064", "cvelist": ["CVE-2013-1064"], "lastseen": "2016-09-03T18:03:56"}], "nessus": [{"id": "UBUNTU_USN-1955-1.NASL", "type": "nessus", "title": "Ubuntu 12.04 LTS / 12.10 / 13.04 : apt-xapian-index vulnerability (USN-1955-1)", "description": "It was discovered that apt-xapian-index was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2013-09-19T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=69973", "cvelist": ["CVE-2013-1064"], "lastseen": "2017-10-29T13:37:16"}], "openvas": [{"id": "OPENVAS:841565", "type": "openvas", "title": "Ubuntu Update for apt-xapian-index USN-1955-1", "description": "Check for the Version of apt-xapian-index", "published": "2013-09-24T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=841565", "cvelist": ["CVE-2013-1064"], "lastseen": "2018-01-18T11:09:03"}, {"id": "OPENVAS:1361412562310841565", "type": "openvas", "title": "Ubuntu Update for apt-xapian-index USN-1955-1", "description": "Check for the Version of apt-xapian-index", "published": "2013-09-24T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841565", "cvelist": ["CVE-2013-1064"], "lastseen": "2018-04-06T11:22:09"}]}}