{"id":"CVE-2017-7572","details":"The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/\u003cpid\u003e/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges than the original requester.","modified":"2026-04-10T04:02:06.412010Z","published":"2017-04-06T18:59:00.353Z","related":["openSUSE-SU-2024:10647-1"],"references":[{"type":"ADVISORY","url":"https://github.com/bit-team/backintime/commit/7f208dc547f569b689c888103e3b593a48cd1869"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bit-team/backintime","events":[{"introduced":"0"},{"last_affected":"3996f979cae95d3f8d759c2e52295594a231a0c0"},{"fixed":"7f208dc547f569b689c888103e3b593a48cd1869"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.1.18"}]}}],"versions":["v0.7.4","v0.8.0","v0.8.12","v0.8.14","v0.8.16","v0.8.18","v0.8.20","v0.8.8","v0.9.0","v0.9.10","v0.9.12","v0.9.14","v0.9.16","v0.9.18","v0.9.2","v0.9.20","v0.9.22","v0.9.24","v0.9.26","v0.9.4","v0.9.6","v0.9.8","v1.0.0","v1.0.12","v1.0.14","v1.0.18","v1.0.2","v1.0.20","v1.0.24","v1.0.28","v1.0.4","v1.0.6","v1.1.0","v1.1.10","v1.1.12","v1.1.14","v1.1.16","v1.1.18","v1.1.2","v1.1.4","v1.1.6","v1.1.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-7572.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}