Unrated severityNVD Advisory· Published Oct 3, 2013· Updated Apr 29, 2026

CVE-2013-1064

Description

apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and 0.44ubuntu5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

Affected products

Canonical (company)/Apt Xapian Index3 versions
cpe:2.3:a:canonical:apt-xapian-index:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:canonical:apt-xapian-index:*:*:*:*:*:*:*:*range: >=0.45ubuntu1,<0.45ubuntu2.1
- cpe:2.3:a:canonical:apt-xapian-index:0.44ubuntu5.1:*:*:*:*:*:*:*
- cpe:2.3:a:canonical:apt-xapian-index:0.44ubuntu7.1:*:*:*:*:*:*:*
Canonical (company)/Ubuntu Linux3 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

launchpad.net/ubuntu/+source/apt-xapian-index/0.44ubuntu5.1nvdPatch
launchpad.net/ubuntu/+source/apt-xapian-index/0.44ubuntu7.1nvdPatch
launchpad.net/ubuntu/+source/apt-xapian-index/0.45ubuntu2.1nvdPatch
secunia.com/advisories/54914nvdVendor Advisory
www.ubuntu.com/usn/USN-1955-1nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000