vulnerability
SUSE: CVE-2017-7572: SUSE Linux Security Advisory
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Apr 6, 2017 | May 2, 2017 | Jan 26, 2018 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
Apr 6, 2017
Added
May 2, 2017
Modified
Jan 26, 2018
Description
The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc//status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester.
Solution(s)
suse-upgrade-backintimesuse-upgrade-backintime-langsuse-upgrade-backintime-qt4
References

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.