Unrated severityNVD Advisory· Published Sep 23, 2013· Updated Apr 29, 2026
CVE-2013-4325
CVE-2013-4325
Description
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.
Affected products
35cpe:2.3:a:hp:linux_imaging_and_printing_project:1.0:*:*:*:*:*:*:*+ 34 more
- cpe:2.3:a:hp:linux_imaging_and_printing_project:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:2.7.10:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.10.2:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.10.5:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.10.6:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.10.9:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.11.10:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.11.3a:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.11.5:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.11.7:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.12.10:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.12.10:a:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.12.11:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.12.4:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.12.6:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.12.9:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.13.4:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.13.5:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.13.6:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.13.7:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.13.8:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.13.9:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.10:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.12:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.4b:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:hp:linux_imaging_and_printing_project:3.9.8:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- lists.opensuse.org/opensuse-updates/2013-10/msg00062.htmlnvd
- lists.opensuse.org/opensuse-updates/2013-11/msg00000.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-1274.htmlnvd
- www.debian.org/security/2013/dsa-2829nvd
- www.ubuntu.com/usn/USN-1956-1nvd
- bugzilla.redhat.com/show_bug.cginvd
- bugzilla.redhat.com/show_bug.cginvd
News mentions
0No linked articles in our index yet.