vulnerability

SUSE: CVE-2017-7572: SUSE Linux Security Advisory

Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
Apr 6, 2017
Added
May 2, 2017
Modified
Jan 26, 2018

Description

The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc//status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester.

Solution(s)

suse-upgrade-backintimesuse-upgrade-backintime-langsuse-upgrade-backintime-qt4
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.