CVE-2013-4325

Common Vulnerabilities and Exposures

Upstream information

CVE-2013-4325 at MITRE

Description

The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.

NVD CVSS v2 Base Score: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entries: 808355, 836931, 836932, 836937, 852368

SUSE Security Advisories:

List of released packages

Product(s):
  SLE 11 SP3 DEBUGINFO
Fixed package version(s):
  • hplip-debuginfo >= 3.11.10-0.6.11.1
  • hplip-debugsource >= 3.11.10-0.6.11.1
References:
  Builds
  SAT Patch Nr: 8775

Product(s):
  SUSE Linux Enterprise Desktop 11 SP3
  SUSE Linux Enterprise Server 11 SP3
  SUSE Linux Enterprise Server 11 SP3 for VMware
Fixed package version(s):
  • hplip >= 3.11.10-0.6.11.1
  • hplip-hpijs >= 3.11.10-0.6.11.1
References:
  Builds
  SAT Patch Nr: 8775

Product(s):
  SLE 11 SP2 DEBUGINFO
Fixed package version(s):
  • hplip-debuginfo >= 3.11.10-0.6.11.1
  • hplip-debugsource >= 3.11.10-0.6.11.1
References:
  Builds
  SAT Patch Nr: 8777

Product(s):
  SUSE Linux Enterprise Desktop 11 SP2
  SUSE Linux Enterprise Server 11 SP2
  SUSE Linux Enterprise Server 11 SP2 for VMware
Fixed package version(s):
  • hplip >= 3.11.10-0.6.11.1
  • hplip-hpijs >= 3.11.10-0.6.11.1
References:
  Builds
  SAT Patch Nr: 8777

© 2014 Novell