[v2.4] CVE-2013-4288 CVE-2013-4324 CVE-2013-4311: polkit, spice-gtk, libvirt: bypass intended access restrictions
Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the —process (unix-process) option for authorization to pkcheck.
Seems to be fixed in polkit-0.112 (http://cgit.freedesktop.org/polkit/commit/?id=3968411b0c7ba193f9b9276ec911692aec248608). If so Alpine Linux v2.4 to v2.7 are vulnerable.
•MLIST:[oss-security] 20130918 Fwd: [vs-plain] polkit races
•URL:http://www.openwall.com/lists/oss-security/2013/09/18/4
•MLIST:[oss-security] 20130918 Re: Fwd: [vs-plain] polkit races
•URL:http://seclists.org/oss-sec/2013/q3/626
•MISC:http://bugzilla.redhat.com/bugzilla/show\_bug.cgi?id=1002375
•REDHAT:RHSA-2013:1270
•URL:http://rhn.redhat.com/errata/RHSA-2013-1270.html
•REDHAT:RHSA-2013:1460
•URL:http://rhn.redhat.com/errata/RHSA-2013-1460.html
•SUSE:openSUSE-SU-2013:1527
•URL:http://lists.opensuse.org/opensuse-updates/2013-10/msg00004.html
•SUSE:openSUSE-SU-2013:1528
•URL:http://lists.opensuse.org/opensuse-updates/2013-10/msg00005.html
•UBUNTU:USN-1953-1
•URL:http://www.ubuntu.com/usn/USN-1953-1
(from redmine: issue id 2472, created on 2013-12-03, closed on 2014-01-07)
- Relations:
- parent #2471 (closed)
- Changesets:
- Revision 43de28a5 by Natanael Copa on 2013-12-24T11:11:53Z:
main/polkit: security fix for CVE-2013-4288
ref #2471
fixes #2472