Vulnerability Description
usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical | Ubuntu Linux | 12.04 |
| Evan Dandrea | Usb-Creator | 0.2.38 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/54901Vendor Advisory
- http://www.ubuntu.com/usn/USN-1963-1
- https://launchpad.net/ubuntu/+source/usb-creator/0.2.38.2Patch
- https://launchpad.net/ubuntu/+source/usb-creator/0.2.40ubuntu2Patch
- https://launchpad.net/ubuntu/+source/usb-creator/0.2.47.1Patch
- http://secunia.com/advisories/54901Vendor Advisory
- http://www.ubuntu.com/usn/USN-1963-1
- https://launchpad.net/ubuntu/+source/usb-creator/0.2.38.2Patch
- https://launchpad.net/ubuntu/+source/usb-creator/0.2.40ubuntu2Patch
- https://launchpad.net/ubuntu/+source/usb-creator/0.2.47.1Patch
FAQ
What is CVE-2013-1063?
CVE-2013-1063 is a vulnerability with a CVSS score of 4.6 (MEDIUM). usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass in...
How severe is CVE-2013-1063?
CVE-2013-1063 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-1063?
Check the references section above for vendor advisories and patch information. Affected products include: Canonical Ubuntu Linux, Evan Dandrea Usb-Creator.