{"id":"CVE-2013-4288","details":"Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.","modified":"2026-04-16T06:18:51.148527419Z","published":"2013-10-03T21:55:04Z","related":["openSUSE-SU-2024:10356-1","openSUSE-SU-2024:10436-1"],"references":[{"type":"ADVISORY","url":"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1002375"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2013-10/msg00004.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2013-10/msg00005.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2013-10/msg00062.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2013-11/msg00000.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2013-1270.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2013-1460.html"},{"type":"ADVISORY","url":"http://seclists.org/oss-sec/2013/q3/626"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2013/09/18/4"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-1953-1"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-updates/2013-10/msg00004.html"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-updates/2013-10/msg00005.html"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-updates/2013-10/msg00062.html"},{"type":"ARTICLE","url":"http://lists.opensuse.org/opensuse-updates/2013-11/msg00000.html"},{"type":"ARTICLE","url":"http://seclists.org/oss-sec/2013/q3/626"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2013/09/18/4"},{"type":"FIX","url":"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1002375"},{"type":"REPORT","url":"http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1002375"}],"schema_version":"1.7.5"}