CVE-2013-4325 — Vulnetix

Try Vulnetix Request Demo

CVE-2013-4325 PUBLISHED CVSS 6.900000095367432 MEDIUM

The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.

EPSS 0.07% · 20.0th percentile

Risk Scores

CVSS v2.0

6.900000095367432

EPSS Score

0.07%

20.0th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
hp	linux_imaging_and_printing_project	1.0, 2.0, 2.7.10

Timeline

Sep 23, 2013 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

RHSA-2013:1274 vendor-advisory
USN-1956-1 vendor-advisory
openSUSE-SU-2013:1617 vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1002375 url
DSA-2829 vendor-advisory
openSUSE-SU-2013:1620 vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1006674 url
https://nvd.nist.gov/vuln/detail/CVE-2013-4325 advisory

Open in Interactive Console →