Fluid Attacks Database

Description

Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	policykit-1	>=0 <0.105-3+nmu1	0.105-3+nmu1
rpm rhel6	polkit	<0:0.96-5.el6_4	0:0.96-5.el6_4
debian 11	policykit-1	>=0 <0.105-3+nmu1	0.105-3+nmu1
debian 12	policykit-1	>=0 <0.105-3+nmu1	0.105-3+nmu1
debian 13	policykit-1	>=0 <0.105-3+nmu1	0.105-3+nmu1

Aliases

1. CVE-2013-42882. NVD-2013-42883. OSV-DEBIAN-2013-42884. OSV-2013-42885. SECURITY-TRACKER-CVE-2013-4288

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.