CVE-2013-1063

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-1063
usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

4.6 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://secunia.com/advisories/54901 Vendor Advisory
http://www.ubuntu.com/usn/USN-1963-1
https://launchpad.net/ubuntu/+source/usb-creator/0.2.38.2 Patch
https://launchpad.net/ubuntu/+source/usb-creator/0.2.40ubuntu2 Patch
https://launchpad.net/ubuntu/+source/usb-creator/0.2.47.1 Patch
http://secunia.com/advisories/54901 Vendor Advisory
http://www.ubuntu.com/usn/USN-1963-1
https://launchpad.net/ubuntu/+source/usb-creator/0.2.38.2 Patch
https://launchpad.net/ubuntu/+source/usb-creator/0.2.40ubuntu2 Patch
https://launchpad.net/ubuntu/+source/usb-creator/0.2.47.1 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:evan_dandrea:usb-creator:0.2.38:*:*:*:*:*:*:*
cpe:2.3:a:evan_dandrea:usb-creator:0.2.38.1:*:*:*:*:*:*:*
cpe:2.3:a:evan_dandrea:usb-creator:0.2.40:*:*:*:*:*:*:*
cpe:2.3:a:evan_dandrea:usb-creator:0.2.47:*:*:*:*:*:*:*
History

21 Nov 2024, 01:48

Type Values Removed Values Added
References () http://secunia.com/advisories/54901 - Vendor Advisory () http://secunia.com/advisories/54901 - Vendor Advisory
References () http://www.ubuntu.com/usn/USN-1963-1 - () http://www.ubuntu.com/usn/USN-1963-1 -
References () https://launchpad.net/ubuntu/+source/usb-creator/0.2.38.2 - Patch () https://launchpad.net/ubuntu/+source/usb-creator/0.2.38.2 - Patch
References () https://launchpad.net/ubuntu/+source/usb-creator/0.2.40ubuntu2 - Patch () https://launchpad.net/ubuntu/+source/usb-creator/0.2.40ubuntu2 - Patch
References () https://launchpad.net/ubuntu/+source/usb-creator/0.2.47.1 - Patch () https://launchpad.net/ubuntu/+source/usb-creator/0.2.47.1 - Patch
Information

Published : 2013-10-03 21:55

Updated : 2025-04-11 00:51

NVD link : CVE-2013-1063

Mitre link : CVE-2013-1063

CVE.ORG link : CVE-2013-1063

JSON object : View

Products Affected

evan_dandrea

  • usb-creator

canonical

  • ubuntu_linux
CWE
CWE-264

Permissions, Privileges, and Access Controls