CVSS2: 6.9 Medium

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

hplip is vulnerable to authorization bypass. The check_permission_v1 function in base/pkit.py does not properly use D-Bus for communications with a polkit authority. A race condition in the PolkitUnixProcess PolkitSubject allows a local user to bypass access restrictions via a setuid or pkexec process.

CPE Name | Operator | Version |
---|---|---|
hplip | eq | 3.10.9__3.el6 |
hplip | eq | 3.9.8__33.el6_0.1 |
hplip | eq | 3.9.8__33.el6 |

lists.opensuse.org/opensuse-updates/2013-10/msg00062.html
lists.opensuse.org/opensuse-updates/2013-11/msg00000.html
rhn.redhat.com/errata/RHSA-2013-1274.html
www.debian.org/security/2013/dsa-2829
www.ubuntu.com/usn/USN-1956-1
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1002375
bugzilla.redhat.com/show_bug.cgi?id=1006674