Fluid Attacks Database

Description

systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	systemd	>=0 <204-5	204-5
debian 12	systemd	>=0 <204-5	204-5
debian 13	systemd	>=0 <204-5	204-5
debian 14	systemd	>=0 <204-5	204-5

Aliases

1. CVE-2013-43272. NVD-2013-43273. OSV-DEBIAN-2013-43274. OSV-2013-43275. SECURITY-TRACKER-CVE-2013-4327

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.