{"id":"UBUNTU-CVE-2017-7572","details":"The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time-of-check to time-of-use, TOCTOU). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/\u003cpid\u003e/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges than the original requester.","modified":"2025-07-16T07:37:11.281587Z","published":"2017-04-06T18:59:00Z","withdrawn":"2025-07-18T16:43:56Z","upstream":["CVE-2017-7572"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-7572"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2017-7572"}],"affected":[{"package":{"name":"backintime","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/backintime@1.1.12-2?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.12-2"}]}],"ecosystem_specific":{"binaries":[{"binary_name":"backintime-common","binary_version":"1.1.12-2"},{"binary_name":"backintime-gnome","binary_version":"1.1.12-2"},{"binary_name":"backintime-kde","binary_version":"1.1.12-2"},{"binary_name":"backintime-qt4","binary_version":"1.1.12-2"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-7572.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"low"}]}