CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-1062

ubuntu-system-service 0.2.4 before 0.2.4.1. 0.2.3 before 0.2.3.1, and 0.2.2 before 0.2.2.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 14.2%

CVSS Severity

CVSS v2 Score 4.6

References

Products affected by CVE-2013-1062

Michael Vogt » Ubuntu-System-Service » Version: 0.2.2

cpe:2.3:a:michael_vogt:ubuntu-system-service:0.2.2
Michael Vogt » Ubuntu-System-Service » Version: 0.2.3

cpe:2.3:a:michael_vogt:ubuntu-system-service:0.2.3
Michael Vogt » Ubuntu-System-Service » Version: 0.2.4

cpe:2.3:a:michael_vogt:ubuntu-system-service:0.2.4
Canonical » Ubuntu Linux » Version: 12.04

cpe:2.3:o:canonical:ubuntu_linux:12.04
Canonical » Ubuntu Linux » Version: 12.10

cpe:2.3:o:canonical:ubuntu_linux:12.10
Canonical » Ubuntu Linux » Version: 13.04

cpe:2.3:o:canonical:ubuntu_linux:13.04

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-1062

Products

Pricing

Contact Us