CVE-2013-4326

NameCVE-2013-4326
DescriptionRealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs723714

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
rtkit (PTS)buster0.11-6fixed
bullseye0.13-4fixed
sid, trixie, bookworm0.13-5fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
rtkitsourcewheezy0.10-2+wheezy1
rtkitsource(unstable)0.10-3723714
Search for package or bug name: Reporting problems