VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 3, 2013· Updated Apr 29, 2026

CVE-2013-1061

CVE-2013-1061

Description

dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

Affected products

14
  • Marc Deslauriers/Software Properties11 versions
    cpe:2.3:a:marc_deslauriers:software-properties:0.82.7:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:marc_deslauriers:software-properties:0.82.7:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_deslauriers:software-properties:0.82.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_deslauriers:software-properties:0.82.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_deslauriers:software-properties:0.82.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_deslauriers:software-properties:0.82.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_deslauriers:software-properties:0.92.17:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_deslauriers:software-properties:0.92.17.1:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_deslauriers:software-properties:0.92.17.2:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_deslauriers:software-properties:0.92.9:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_deslauriers:software-properties:0.92.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:marc_deslauriers:software-properties:0.92.9.2:*:*:*:*:*:*:*
  • Canonical/Ubuntu Linux3 versions
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*+ 2 more
    • cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

7

News mentions

0

No linked articles in our index yet.