Unrated severityNVD Advisory· Published Oct 3, 2013· Updated Apr 29, 2026
CVE-2013-1065
CVE-2013-1065
Description
backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Affected products
12cpe:2.3:a:martin_pitt:jockey:*:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:martin_pitt:jockey:*:*:*:*:*:*:*:*range: <=0.9.7-0ubuntu7.10
- cpe:2.3:a:martin_pitt:jockey:0.9.7-0ubuntu7:*:*:*:*:*:*:*
- cpe:2.3:a:martin_pitt:jockey:0.9.7-0ubuntu7.1:*:*:*:*:*:*:*
- cpe:2.3:a:martin_pitt:jockey:0.9.7-0ubuntu7.2:*:*:*:*:*:*:*
- cpe:2.3:a:martin_pitt:jockey:0.9.7-0ubuntu7.3:*:*:*:*:*:*:*
- cpe:2.3:a:martin_pitt:jockey:0.9.7-0ubuntu7.4:*:*:*:*:*:*:*
- cpe:2.3:a:martin_pitt:jockey:0.9.7-0ubuntu7.5:*:*:*:*:*:*:*
- cpe:2.3:a:martin_pitt:jockey:0.9.7-0ubuntu7.6:*:*:*:*:*:*:*
- cpe:2.3:a:martin_pitt:jockey:0.9.7-0ubuntu7.7:*:*:*:*:*:*:*
- cpe:2.3:a:martin_pitt:jockey:0.9.7-0ubuntu7.8:*:*:*:*:*:*:*
- cpe:2.3:a:martin_pitt:jockey:0.9.7-0ubuntu7.9:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- launchpad.net/ubuntu/+source/jockey/0.9.7-0ubuntu7.11nvdPatch
- secunia.com/advisories/54912nvdVendor Advisory
- www.ubuntu.com/usn/USN-1957-1nvd
News mentions
0No linked articles in our index yet.