CVE-2013-4311

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

Published: Oct 3, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-4311
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
redhat / libvirt	1.0.5.4	1.0.5.4.x
redhat / libvirt	1.0.5.3	1.0.5.3.x
redhat / libvirt	0.10.2.2	0.10.2.2.x
redhat / libvirt	1.0.5	1.0.5.x
redhat / libvirt	0.10.2.7	0.10.2.7.x
redhat / libvirt	0.10.2.4	0.10.2.4.x
redhat / libvirt	0.10.2.1	0.10.2.1.x
redhat / libvirt	0.10.2.6	0.10.2.6.x
redhat / libvirt	0.9.12	0.9.12.x
redhat / libvirt	0.10.2.3	0.10.2.3.x
redhat / libvirt	1.0.5.1	1.0.5.1.x
redhat / libvirt	0.10.2	0.10.2.x
redhat / libvirt	1.0.5.2	1.0.5.2.x
redhat / libvirt	0.10.2.5	0.10.2.5.x
redhat / libvirt	1.0.5.5	1.0.5.5.x
canonical / ubuntu_linux	13.04	13.04.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	12.04	12.04.x
canonical / ubuntu_linux	10.04	10.04.x
redhat / enterprise_linux	6.0	6.0.x

Vulnerability Database

CVE-2013-4311

Deep Security Visibility Without the Complexity