Vulnerability Details : CVE-2013-1066
language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
Products affected by CVE-2013-1066
- cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:a:ubuntu_developers:language-selector:0.79.1:*:*:*:*:*:*:*
- cpe:2.3:a:ubuntu_developers:language-selector:0.79.2:*:*:*:*:*:*:*
- cpe:2.3:a:ubuntu_developers:language-selector:0.79.3:*:*:*:*:*:*:*
- cpe:2.3:a:ubuntu_developers:language-selector:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:ubuntu_developers:language-selector:0.110:*:*:*:*:*:*:*
- cpe:2.3:a:ubuntu_developers:language-selector:0.79:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-1066
- EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
- Percentile: ~6% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2013-1066
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P | 3.9 | 6.4 | NIST | |
CWE ids for CVE-2013-1066
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1066
- https://launchpad.net/ubuntu/+source/language-selector/0.110.1
  0.110.1 : language-selector package : Ubuntu [Patch]
- https://launchpad.net/ubuntu/+source/language-selector/0.90.1
  0.90.1 : language-selector package : Ubuntu [Patch]
- http://www.ubuntu.com/usn/USN-1958-1
  USN-1958-1: language-selector vulnerability | Ubuntu security notices [Vendor Advisory]
- https://launchpad.net/ubuntu/+source/language-selector/0.79.4
  0.79.4 : language-selector package : Ubuntu [Patch]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/87379
  Ubuntu language-selector package security bypass CVE-2013-1066 Vulnerability Report