CVE-2013-4326

NameCVE-2013-4326
DescriptionRealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs723714

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
rtkit (PTS)jessie0.11-2fixed
stretch0.11-4+deb9u1fixed
buster0.11-6fixed
bullseye, sid0.13-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
rtkitsource(unstable)0.10-3723714
rtkitsourcewheezy0.10-2+wheezy1

Search for package or bug name: Reporting problems