Lucene search

Veracode Vulnerability DatabaseVERACODE:11285

HistoryJan 15, 2019 - 8:59 a.m.

Authorization Bypass

2019-01-1508:59:41

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON

RealtimeKit is vulnerable to authorization bypass. It does not properly use D-Bus for communications with a polkit authority. A race condition in the PolkitUnixProcess PolkitSubject allows a local user to bypass access restrictions via a setuid or pkexec process. This is a related issue to CVE-2013-4288.

CPENameOperatorVersion
rtkiteq0.5__1.el6

CPE	Name	Operator	Version
	rtkit	eq	0.5__1.el6

References

lists.opensuse.org/opensuse-updates/2013-10/msg00022.html

lists.opensuse.org/opensuse-updates/2013-10/msg00051.html

rhn.redhat.com/errata/RHSA-2013-1282.html

www.openwall.com/lists/oss-security/2013/09/18/6

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=1006677

rhn.redhat.com/errata/RHSA-2013-1282.html

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:11285