Vulnerability Description
dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Marc Deslauriers | Software-Properties | 0.82.7 |
| Canonical | Ubuntu Linux | 12.04 |
Related Weaknesses (CWE)
References
- http://launchpadlibrarian.net/150156695/software-properties_0.92.17.2_0.92.17.3.
- http://secunia.com/advisories/54909 (Vendor Advisory)
- http://www.ubuntu.com/usn/USN-1960-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87381
- https://launchpad.net/ubuntu/+source/software-properties/0.82.7.5 (Patch)
- https://launchpad.net/ubuntu/+source/software-properties/0.92.17.3 (Patch)
- https://launchpad.net/ubuntu/+source/software-properties/0.92.9.3 (Patch)
FAQ
What is CVE-2013-1061?
CVE-2013-1061 is a vulnerability with a CVSS score of 4.6 (MEDIUM). dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority...
How severe is CVE-2013-1061?
CVE-2013-1061 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-1061?
Check the references section above for vendor advisories and patch information. Affected products include: Marc Deslauriers Software-Properties, Canonical Ubuntu Linux.