Summary: | <net-misc/spice-gtk-0.21: use of insecure polkit libgobject-1 API (CVE-2013-4324) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Doug Goldstein (RETIRED) <cardoe> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B1 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 484486, 485550 | ||
Bug Blocks: | 485328 |
Description
Doug Goldstein (RETIRED)
2013-09-19 16:23:37 UTC
amd64 stable x86 stable Added to the polkit GLSA. CVE-2013-4324 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4324): spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. This issue was resolved and addressed in GLSA 201406-27 at http://security.gentoo.org/glsa/glsa-201406-27.xml by GLSA coordinator Chris Reffett (creffett). |