Bug 835827 (CVE-2013-4288) - VUL-0: CVE-2013-4288: polkit: process subject race condition
Summary: VUL-0: CVE-2013-4288: polkit: process subject race condition
Status: RESOLVED FIXED
Alias: CVE-2013-4288
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P2 - High : Normal
Target Milestone: ---
Assignee: Cristian Rodríguez
QA Contact: Security Team bot
URL:
Whiteboard: maint:running:54850:moderate maint:re...
Keywords:
Depends on:
Blocks: CVE-2013-4311 836932 CVE-2013-4325 CVE-2013-4326
Reported: 2013-08-21 08:32 UTC by Sebastian Krahmer
Modified: 2019-05-01 16:07 UTC

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Sebastian Krahmer 2013-08-21 08:32:05 UTC
This is a placeholder for the upcoming polkit pkcheck race fix
which is discussed with upstream.
Comment 1 Swamp Workflow Management 2013-08-21 22:00:10 UTC
bugbot adjusting priority
Comment 2 Sebastian Krahmer 2013-08-27 08:52:58 UTC
Problem:

Using PID (even with start_time) to check for authorization is
racy and always will be. Attackers can start suid/create new UID 0
processes with the same PID, right after sending the
request.

Only rely on UID when checking, which comes atomically with
peer credentials.
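
The point of Comment 2, as an added example that is not part of the bug report and not polkit's code: on Linux, a Unix-socket server can take the peer's UID from `SO_PEERCRED`, which the kernel fixed at connect time, instead of resolving a PID afterwards. The function names and the single-allowed-UID policy are assumptions for illustration.

```c
#define _GNU_SOURCE            /* struct ucred, SO_PEERCRED (Linux) */
#include <stdio.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern: resolve a PID to a UID after the request arrived. The answer
 * describes whichever process holds that PID now, which may be a different
 * (for example setuid) process than the one that sent the request. */
int uid_from_pid_racy(pid_t pid, uid_t *uid)
{
    char path[64];
    struct stat st;
    snprintf(path, sizeof path, "/proc/%ld", (long)pid);
    if (stat(path, &st) != 0)
        return -1;
    *uid = st.st_uid;          /* owner of /proc/<pid> at lookup time */
    return 0;
}

/* Preferred: credentials the kernel recorded at connect(2)/socketpair(2).
 * Only cred.uid is used; cred.pid is ignored because PIDs can be reused. */
int uid_from_peer(int fd, uid_t *uid)
{
    struct ucred cred;
    socklen_t len = sizeof cred;
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0)
        return -1;
    *uid = cred.uid;
    return 0;
}

/* Hypothetical policy check: fails closed when credentials are unavailable. */
int authorize_peer(int fd, uid_t allowed_uid)
{
    uid_t uid;
    return uid_from_peer(fd, &uid) == 0 && uid == allowed_uid;
}

/* Constructed demo: both ends of a socketpair belong to this process. */
int demo_authorize(uid_t allowed_uid)
{
    int sv[2], ok;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    ok = authorize_peer(sv[0], allowed_uid);
    close(sv[0]); close(sv[1]);
    return ok;
}
int main(void) { printf("own uid allowed: %d\n", demo_authorize(geteuid())); return 0; }
```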
Comment 4 Sebastian Krahmer 2013-09-09 07:37:26 UTC
CVE-2013-4288
Comment 5 Sebastian Krahmer 2013-09-09 07:38:04 UTC
CRD Sept 11th
Comment 6 Sebastian Krahmer 2013-09-11 06:29:44 UTC
New CRD is being negotiated
Comment 7 Sebastian Krahmer 2013-09-11 14:38:46 UTC
New CRD: Sept 18th
Comment 8 Sebastian Krahmer 2013-09-18 11:50:11 UTC
Making public
Comment 9 Cristian Rodríguez 2013-09-18 16:36:25 UTC
According to the repository above, the following components need an update for this problem to be fixed:

polkit
libvirt
systemd
spice-gtk
hplip
rtkit
Comment 10 Bernhard Wiedemann 2013-09-19 08:00:16 UTC
This is an autogenerated message for OBS integration:
This bug (835827) was mentioned in
https://build.opensuse.org/request/show/199692 Factory / systemd
Comment 11 Sebastian Krahmer 2013-09-23 07:55:31 UTC
Exactly; for the other packages you mention there is a BZ for each.
Comment 12 Swamp Workflow Management 2013-10-31 15:04:45 UTC
openSUSE-SU-2013:1617-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 835827,836937
CVE References: CVE-2013-4288,CVE-2013-4325
Sources used:
openSUSE 12.3 (src):    hplip-3.12.11-2.5.1
openSUSE 12.2 (src):    hplip-3.12.4-3.6.1
Comment 13 Swamp Workflow Management 2013-11-01 08:04:20 UTC
openSUSE-SU-2013:1620-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 835827,836937
CVE References: CVE-2013-4288,CVE-2013-4325
Sources used:
openSUSE 11.4 (src):    hplip-3.11.5-1.15.1
Comment 14 systemd maintainers 2013-11-26 09:49:13 UTC
This one is fixed
Comment 15 Swamp Workflow Management 2014-02-03 16:58:28 UTC
Update released for: hplip, hplip-debuginfo, hplip-debugsource, hplip-hpijs
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)
Comment 16 Swamp Workflow Management 2014-02-03 20:04:31 UTC
SUSE-SU-2014:0188-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 808355,835827,836937,852368
CVE References: CVE-2013-0200,CVE-2013-4325,CVE-2013-6402
Sources used:
SUSE Linux Enterprise Server 11 SP2 for VMware (src):    hplip-3.11.10-0.6.11.1
SUSE Linux Enterprise Server 11 SP2 (src):    hplip-3.11.10-0.6.11.1
SUSE Linux Enterprise Desktop 11 SP2 (src):    hplip-3.11.10-0.6.11.1
Comment 17 Swamp Workflow Management 2014-02-06 20:04:38 UTC
SUSE-SU-2014:0188-2: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 808355,835827,836937,852368
CVE References: CVE-2013-0200,CVE-2013-4325,CVE-2013-6402
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    hplip-3.11.10-0.6.11.1
SUSE Linux Enterprise Server 11 SP3 (src):    hplip-3.11.10-0.6.11.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    hplip-3.11.10-0.6.11.1