1
Candidate: CVE-2017-7572
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7572
6
The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka
7
backintime) 1.1.18 and earlier uses a deprecated polkit authorization
8
method (unix-process) that is subject to a race condition (time of check,
9
time of use). With this authorization method, the owner of a process
10
requesting a polkit operation is checked by polkitd via /proc/<pid>/status,
11
by which time the requesting process may have been replaced by a different
12
process with the same PID that has different privileges then the original
22
upstream: https://github.com/bit-team/backintime/commit/7f208dc547f569b689c888103e3b593a48cd1869
23
upstream_backintime: needs-triage
24
precise_backintime: ignored (reached end-of-life)
25
precise/esm_backintime: DNE (precise was needed)
26
trusty_backintime: needed
27
vivid/stable-phone-overlay_backintime: DNE
28
vivid/ubuntu-core_backintime: DNE
29
xenial_backintime: needed
30
yakkety_backintime: ignored (reached end-of-life)
31
zesty_backintime: ignored (reached end-of-life)
32
artful_backintime: needed
33
bionic_backintime: needed
34
devel_backintime: needed