ID USN-1955-1 Type ubuntu Reporter Ubuntu Modified 2013-09-18T00:00:00
Description
It was discovered that apt-xapian-index was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.
{"result": {"cve": [{"id": "CVE-2013-1064", "type": "cve", "title": "CVE-2013-1064", "description": "apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.", "published": "2013-10-03T17:55:03", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1064", "cvelist": ["CVE-2013-1064"], "lastseen": "2016-09-03T18:03:56"}], "nessus": [{"id": "UBUNTU_USN-1955-1.NASL", "type": "nessus", "title": "Ubuntu 12.04 LTS / 12.10 / 13.04 : apt-xapian-index vulnerability (USN-1955-1)", "description": "It was discovered that apt-xapian-index was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2013-09-19T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=69973", "cvelist": ["CVE-2013-1064"], "lastseen": "2017-10-29T13:37:16"}], "openvas": [{"id": "OPENVAS:841565", "type": "openvas", "title": "Ubuntu Update for apt-xapian-index USN-1955-1", "description": "Check for the Version of apt-xapian-index", "published": "2013-09-24T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=841565", "cvelist": ["CVE-2013-1064"], "lastseen": "2018-01-18T11:09:03"}, {"id": "OPENVAS:1361412562310841565", "type": "openvas", "title": "Ubuntu Update for apt-xapian-index USN-1955-1", "description": "Check for the Version of apt-xapian-index", "published": "2013-09-24T00:00:00", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841565", "cvelist": ["CVE-2013-1064"], "lastseen": "2018-04-06T11:22:09"}]}}