mirror of
https://github.com/0xMarcio/cve.git
synced 2026-03-11 12:56:54 +00:00
830 B
830 B
CVE-2013-4324
Description
spice-gtk 0.14, and possibly other versions, invokes the polkit authority using the insecure polkit_unix_process_new API function, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
POC
Reference
Github
No PoCs found on GitHub currently.