Mandriva Linux Security Advisory 2013-243 - A race condition was found in the way the PolicyKit pkcheck utility checked process authorization when the process was specified by its process ID via the --process option. A local user could use this flaw to bypass intended PolicyKit authorizations and escalate their privileges.
91ca06b6329364c75747c0f85a55c45bc6033f08b2e6bb7fa73577a3bf412762Red Hat Security Advisory 2013-1282-01 - RealtimeKit is a D-Bus system service that changes the scheduling policy of user processes/threads to SCHED_RR on request. It is intended to be used as a secure mechanism to allow real-time scheduling to be used by normal user processes. It was found that RealtimeKit communicated with PolicyKit for authorization using a D-Bus API that is vulnerable to a race condition. This could have led to intended PolicyKit authorizations being bypassed. This update modifies RealtimeKit to communicate with PolicyKit via a different API that is not vulnerable to the race condition.
0c4ac21cdde7e806c617a55e30cacf46e89b8ea87b28d067577c29d5569e2e19Ubuntu Security Notice 1959-1 - It was discovered that RealtimeKit was using polkit in an unsafe manner. A local attacker could possibly use this issue to bypass intended polkit authorizations.
8451920a39790b95476dece7cb3f02ad21d25f9d915f1b408cc768c05e5a3a8e
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed