CVE

Id
61010  
CVE No.
CVE-2013-1063  
Status
Candidate  
Description
usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.  
Phase
Assigned (20130111)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
613409 61010 CVE-2013-1063 CONFIRM:https://launchpad.net/ubuntu/+source/usb-creator/0.2.38.2  View
613410 61010 CVE-2013-1063 CONFIRM:https://launchpad.net/ubuntu/+source/usb-creator/0.2.40ubuntu2  View
613411 61010 CVE-2013-1063 CONFIRM:https://launchpad.net/ubuntu/+source/usb-creator/0.2.47.1  View
613412 61010 CVE-2013-1063 UBUNTU:USN-1963-1  View
613413 61010 CVE-2013-1063 URL:http://www.ubuntu.com/usn/USN-1963-1  View
613414 61010 CVE-2013-1063 SECUNIA:54901  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
25024 JVNDB-2013-006599 Ubuntu 用 OpenStack Nova および Openstack Cinder パッケージにおける権限を取得される脆弱性 Ubuntu 用 OpenStack Nova (python-nova) パッケージ および Openstack Cinder (python-cinder) パッケージは、SUDO の構成を適切に設定しないため、権限を取得される脆弱性が存在します。 CVE-2013-1068 61010 5 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-006599.html  View