Access Bypass Vulnerability in HP Linux Imaging and Printing Software by HP
CVE-2013-4325
Currently unrated
Key Information:
- Vendor: HP
- CVE Published: 23 September 2013
Summary
The check_permission_v1 function in the HP Linux Imaging and Printing (HPLIP) software up to version 3.13.9 does not properly use D-Bus to communicate with a polkit authority. Local users can exploit a race condition involving the PolkitUnixProcess PolkitSubject, by leveraging either a setuid process or a pkexec process, to bypass intended access restrictions, potentially compromising system integrity and confidentiality.
Timeline
Vulnerability published
Vulnerability Reserved