CVE-2017-7572 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-7572): The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges than the original requester.
Stabilization and removal of affected version 1.1.12 is handled via bug 636974.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e12f546404f2b91fc7052146f705bdbf5eb44e2

commit 9e12f546404f2b91fc7052146f705bdbf5eb44e2
Author: Michael Weber <xmw@gentoo.org>
AuthorDate: 2017-12-22 08:51:37 +0000
Commit: Michael Weber <xmw@gentoo.org>
CommitDate: 2017-12-22 08:51:49 +0000

app-backup/backintime: Remove security affected version.

- Remote code execution vulnerability (CVE-2017-16667)
  Bug: https://bugs.gentoo.org/636042
- Race condition (CVE-2017-7572)
  Bug: https://bugs.gentoo.org/636974

Package-Manager: Portage-2.3.19, Repoman-2.3.6

app-backup/backintime/Manifest | 1 -
app-backup/backintime/backintime-1.1.12.ebuild | 77 --------------------------
2 files changed, 78 deletions(-)
GLSA Vote: No

1.1.24 is not vulnerable and is stable. I am not sure why 1.1.18 was considered safe. No patch visible from that time.
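A toy model of the time-of-check/time-of-use race described in the CVE text above, added here as an illustration and not taken from Back In Time or polkit. The process table, the bus, PID 4242, bus name :1.77 and the root-only policy are all constructed; the model contrasts a lookup by PID at check time with polkit's system-bus-name subject kind, where the bus records the peer's identity when it connects.

```python
"""Toy model of the PID-reuse race in a polkit 'unix-process' check (constructed)."""
from dataclasses import dataclass, field


@dataclass
class Kernel:
    """Minimal process table, PID -> owner UID (stands in for /proc/<pid>/status)."""
    procs: dict = field(default_factory=dict)

    def spawn(self, pid, uid):
        self.procs[pid] = uid

    def exit(self, pid):
        del self.procs[pid]

    def uid_of(self, pid):
        return self.procs[pid]


@dataclass
class Bus:
    """Message bus that records each peer's UID once, when the peer connects."""
    peers: dict = field(default_factory=dict)

    def connect(self, name, pid, kernel):
        self.peers[name] = kernel.uid_of(pid)

    def uid_of(self, name):
        return self.peers[name]


def authorized(uid):
    return uid == 0  # hypothetical policy: only root may run the action


def check_unix_process(kernel, pid):
    # Subject is a bare PID: the answer is whoever owns that PID *now*.
    return authorized(kernel.uid_of(pid))


def check_system_bus_name(bus, name):
    # Subject is the bus connection: identity was fixed at connect time.
    return authorized(bus.uid_of(name))


def simulate(race):
    kernel, bus = Kernel(), Bus()
    kernel.spawn(4242, uid=1000)           # unprivileged requester
    bus.connect(":1.77", 4242, kernel)     # its connection to the bus
    if race:                               # PID changes hands before the check
        kernel.exit(4242)
        kernel.spawn(4242, uid=0)          # unrelated root-owned process
    return check_unix_process(kernel, 4242), check_system_bus_name(bus, ":1.77")
```

With `race=True` the PID-based check authorizes the request while the bus-name check still refuses it.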