MidnightBSD

Advisories for martin_pitt

CVE-2013-1065 MEDIUM

backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
martin_pitt jockey 0.9.7-0ubuntu7
martin_pitt jockey 0.9.7-0ubuntu7.1
martin_pitt jockey 0.9.7-0ubuntu7.5
martin_pitt jockey 0.9.7-0ubuntu7.4
canonical ubuntu_linux 12.04
martin_pitt jockey 0.9.7-0ubuntu7.8
martin_pitt jockey 0.9.7-0ubuntu7.9
martin_pitt jockey 0.9.7-0ubuntu7.7
martin_pitt jockey *
martin_pitt jockey 0.9.7-0ubuntu7.6
martin_pitt jockey 0.9.7-0ubuntu7.2
martin_pitt jockey 0.9.7-0ubuntu7.3