CVE-2013-4325

The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.

Details Source

Mitre

Public Date

2013-09-18 00:00:00

Impact

Important

Bugzilla

CVE-2013-4325 hplip: Insecure calling of polkit

Bugzilla ID

1006674

CVSS Status

verified

Base Score

6.90

Base Metrics

AV:L/AC:M/Au:N/C:C/I:C/A:C

Red Hat Security Errata

| Platform | Errata | Release Date |
| --- | --- | --- |
| Red Hat Enterprise Linux 6 (hplip) | RHSA-2013:1274 | 2013-09-19 |

Affected Packages State

| Platform | Package | State |
| --- | --- | --- |
| Red Hat Enterprise Linux 7 | hplip | Not affected |