Headline
CVE-2013-4327: USN-1961-1: systemd vulnerability | Ubuntu security notices | Ubuntu
systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
18 September 2013
systemd could be tricked into bypassing polkit authorizations.
Releases
- Ubuntu 13.04
Packages
- systemd - system and service manager
Details
It was discovered that systemd was using polkit in an unsafe manner. A
local attacker could possibly use this issue to bypass intended polkit
authorizations.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.04
- systemd-services - 198-0ubuntu11.2
After a standard system update you need to reboot your computer to make
all the necessary changes.