Vulnerability Details CVE-2017-7572
The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.8%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 9.3
References
Products affected by CVE-2017-7572
-
cpe:2.3:a:backintime_project:backintime:0.7.4
-
cpe:2.3:a:backintime_project:backintime:0.8.0
-
cpe:2.3:a:backintime_project:backintime:0.8.12
-
cpe:2.3:a:backintime_project:backintime:0.8.14
-
cpe:2.3:a:backintime_project:backintime:0.8.16
-
cpe:2.3:a:backintime_project:backintime:0.8.18
-
cpe:2.3:a:backintime_project:backintime:0.8.20
-
cpe:2.3:a:backintime_project:backintime:0.8.8
-
cpe:2.3:a:backintime_project:backintime:0.9.0
-
cpe:2.3:a:backintime_project:backintime:0.9.10
-
cpe:2.3:a:backintime_project:backintime:0.9.12
-
cpe:2.3:a:backintime_project:backintime:0.9.14
-
cpe:2.3:a:backintime_project:backintime:0.9.16
-
cpe:2.3:a:backintime_project:backintime:0.9.18
-
cpe:2.3:a:backintime_project:backintime:0.9.2
-
cpe:2.3:a:backintime_project:backintime:0.9.20
-
cpe:2.3:a:backintime_project:backintime:0.9.22
-
cpe:2.3:a:backintime_project:backintime:0.9.24
-
cpe:2.3:a:backintime_project:backintime:0.9.26
-
cpe:2.3:a:backintime_project:backintime:0.9.4
-
cpe:2.3:a:backintime_project:backintime:0.9.6
-
cpe:2.3:a:backintime_project:backintime:0.9.8
-
cpe:2.3:a:backintime_project:backintime:1.0.0
-
cpe:2.3:a:backintime_project:backintime:1.0.12
-
cpe:2.3:a:backintime_project:backintime:1.0.14
-
cpe:2.3:a:backintime_project:backintime:1.0.16
-
cpe:2.3:a:backintime_project:backintime:1.0.18
-
cpe:2.3:a:backintime_project:backintime:1.0.2
-
cpe:2.3:a:backintime_project:backintime:1.0.20
-
cpe:2.3:a:backintime_project:backintime:1.0.24
-
cpe:2.3:a:backintime_project:backintime:1.0.28
-
cpe:2.3:a:backintime_project:backintime:1.0.30
-
cpe:2.3:a:backintime_project:backintime:1.0.36
-
cpe:2.3:a:backintime_project:backintime:1.0.38
-
cpe:2.3:a:backintime_project:backintime:1.0.4
-
cpe:2.3:a:backintime_project:backintime:1.0.40
-
cpe:2.3:a:backintime_project:backintime:1.0.6
-
cpe:2.3:a:backintime_project:backintime:1.1.0
-
cpe:2.3:a:backintime_project:backintime:1.1.10
-
cpe:2.3:a:backintime_project:backintime:1.1.12
-
cpe:2.3:a:backintime_project:backintime:1.1.14
-
cpe:2.3:a:backintime_project:backintime:1.1.16
-
cpe:2.3:a:backintime_project:backintime:1.1.18
-
cpe:2.3:a:backintime_project:backintime:1.1.2
-
cpe:2.3:a:backintime_project:backintime:1.1.4
-
cpe:2.3:a:backintime_project:backintime:1.1.6
-
cpe:2.3:a:backintime_project:backintime:1.1.8