1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
PublicDateAtUSN: 2013-09-18
Candidate: CVE-2013-1066
PublicDate: 2013-10-03
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1066
http://www.ubuntu.com/usn/usn-1958-1
Description:
language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x
before 0.79.4 does not properly use D-Bus for communication with a polkit
authority, which allows local users to bypass intended access restrictions
by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1)
setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_language-selector:
upstream_language-selector: needs-triage
lucid_language-selector: not-affected (code not present)
precise_language-selector: released (0.79.4)
quantal_language-selector: released (0.90.1)
raring_language-selector: released (0.110.1)
devel_language-selector: released (0.115)
|