mirror of
https://github.com/0xMarcio/cve.git
synced 2026-04-12 00:58:33 +02:00
978 B
978 B
CVE-2017-7572
Description
The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc//status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester.
POC
Reference
No PoCs from references.