
Test ID: 1.3.6.1.4.1.25623.1.1.10.2013.0293
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2013-0293)
Summary: The remote host is missing an update for the 'hplip, polkit, rtkit, spice-gtk, systemd' package(s) announced via the MGASA-2013-0293 advisory.
Description:
Summary:
The remote host is missing an update for the 'hplip, polkit, rtkit, spice-gtk, systemd' package(s) announced via the MGASA-2013-0293 advisory.

Vulnerability Insight:
A race condition was found in the way the PolicyKit pkcheck utility
checked process authorization when the process was specified by its
process ID via the --process option. A local user could use this flaw to
bypass intended PolicyKit authorizations and escalate their privileges
(CVE-2013-4288).

Note: Applications that invoke pkcheck with the --process option need to
be modified to use the pid,pid-start-time,uid argument for that option, to
allow pkcheck to check process authorization correctly.

Because of the change in the PolicyKit API, the spice-gtk (CVE-2013-4324),
hplip (CVE-2013-4325), rtkit (CVE-2013-4326), and systemd (CVE-2013-4327)
packages have been updated to use a different API that is not affected by
this PolicyKit vulnerability. The libvirt package will also be updated
for the same reason, but this update will come in a separate advisory.

Affected Software/OS:
'hplip, polkit, rtkit, spice-gtk, systemd' package(s) on Mageia 2, Mageia 3.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Reference: Common Vulnerability Exposure (CVE) ID: CVE-2013-4288
RHSA-2013:1270
http://rhn.redhat.com/errata/RHSA-2013-1270.html
RHSA-2013:1460
http://rhn.redhat.com/errata/RHSA-2013-1460.html
USN-1953-1
http://www.ubuntu.com/usn/USN-1953-1
[oss-security] 20130918 Fwd: [vs-plain] polkit races
http://www.openwall.com/lists/oss-security/2013/09/18/4
[oss-security] 20130918 Re: Fwd: [vs-plain] polkit races
http://seclists.org/oss-sec/2013/q3/626
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=1002375
openSUSE-SU-2013:1527
http://lists.opensuse.org/opensuse-updates/2013-10/msg00004.html
openSUSE-SU-2013:1528
http://lists.opensuse.org/opensuse-updates/2013-10/msg00005.html
openSUSE-SU-2013:1617
http://lists.opensuse.org/opensuse-updates/2013-10/msg00062.html
openSUSE-SU-2013:1620
http://lists.opensuse.org/opensuse-updates/2013-11/msg00000.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4324
54947
http://secunia.com/advisories/54947
62538
http://www.securityfocus.com/bid/62538
RHSA-2013:1273
http://rhn.redhat.com/errata/RHSA-2013-1273.html
http://www.openwall.com/lists/oss-security/2013/09/18/6
openSUSE-SU-2013:1562
http://lists.opensuse.org/opensuse-updates/2013-10/msg00031.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4325
DSA-2829
http://www.debian.org/security/2013/dsa-2829
RHSA-2013:1274
http://rhn.redhat.com/errata/RHSA-2013-1274.html
USN-1956-1
http://www.ubuntu.com/usn/USN-1956-1
https://bugzilla.redhat.com/show_bug.cgi?id=1002375
https://bugzilla.redhat.com/show_bug.cgi?id=1006674
Common Vulnerability Exposure (CVE) ID: CVE-2013-4326
RHSA-2013:1282
http://rhn.redhat.com/errata/RHSA-2013-1282.html
https://bugzilla.redhat.com/show_bug.cgi?id=1006677
openSUSE-SU-2013:1548
http://lists.opensuse.org/opensuse-updates/2013-10/msg00022.html
openSUSE-SU-2013:1597
http://lists.opensuse.org/opensuse-updates/2013-10/msg00051.html
Common Vulnerability Exposure (CVE) ID: CVE-2013-4327
DSA-2777
http://www.debian.org/security/2013/dsa-2777
USN-1961-1
http://www.ubuntu.com/usn/USN-1961-1
https://bugzilla.redhat.com/show_bug.cgi?id=1006680
Copyright: Copyright (C) 2022 Greenbone AG
