CVE-2013-4311

Publication date 18 September 2013

Last updated 24 July 2024


Ubuntu priority

libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x before 0.9.12.2 allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition in pkcheck via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

Status

Package Ubuntu Release Status
libvirt 13.04 raring
Fixed 1.0.2-0ubuntu11.13.04.4
12.10 quantal
Fixed 0.9.13-0ubuntu12.5
12.04 LTS precise
Fixed 0.9.8-2ubuntu17.13
10.04 LTS lucid
Fixed 0.7.5-5ubuntu27.24

References

Related Ubuntu Security Notices (USN)

    • USN-1954-1
    • libvirt vulnerabilities
    • 18 September 2013

Other references