Local Access Bypass Vulnerability in Language Selector by Ubuntu
CVE-2013-1066

Currently unrated

Key Information:

Vendor: Ubuntu Developers
Status: Language-selector
Vendor: CVE Published:; 3 October 2013

🔔 Create Ubuntu Developers Vulnerability Alert

What is CVE-2013-1066?

The Language Selector product from Ubuntu has a vulnerability that permits local users to bypass established access restrictions. This issue arises from insufficient D-Bus communication with the polkit authority, leading to potential exploitation through a race condition associated with the PolkitUnixProcess PolkitSubject. Attackers can leverage this vulnerability via setuid or pkexec processes, compromising the integrity of the system.

References

https://launchpad.net/ubuntu/+source/language-selector/0....

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/87379

vdb-entryx_refsource_XF

https://launchpad.net/ubuntu/+source/language-selector/0....

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 3, 2013
Vulnerability Reserved
Jan 11, 2013