Home

CVE-2013-4325

Description

The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.

Risk Information

Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.065

Associated Vulnerability

VulnerabilityOS Platform
HP Linux Printing and Imaging System (HPLIP) (USN-1956-1) hplip_3.12.2-1ubuntu3.5_i386.debLinux
HP Linux Printing and Imaging System (HPLIP) (USN-1956-1) hplip_3.12.2-1ubuntu3.5_amd64.debLinux
hplip security update(DSA-2829-1) hplip_3.12.6-3.1+deb7u1_i386.debLinux
(RHSA-2013:1274) Important: hplip security update hpijs-3.12.4-4.el6_4.1.i686.rpmLinux
(RHSA-2013:1274) Important: hplip security update hpijs-3.12.4-4.el6_4.1.x86_64.rpmLinux
(RHSA-2013:1274) Important: hplip security update hplip-3.12.4-4.el6_4.1.i686.rpmLinux
(RHSA-2013:1274) Important: hplip security update hplip-3.12.4-4.el6_4.1.x86_64.rpmLinux
(RHSA-2013:1274) Important: hplip security update hplip-common-3.12.4-4.el6_4.1.i686.rpmLinux
(RHSA-2013:1274) Important: hplip security update hplip-common-3.12.4-4.el6_4.1.x86_64.rpmLinux
(RHSA-2013:1274) Important: hplip security update hplip-gui-3.12.4-4.el6_4.1.i686.rpmLinux
(RHSA-2013:1274) Important: hplip security update hplip-gui-3.12.4-4.el6_4.1.x86_64.rpmLinux
(RHSA-2013:1274) Important: hplip security update hplip-libs-3.12.4-4.el6_4.1.i686.rpmLinux
(RHSA-2013:1274) Important: hplip security update hplip-libs-3.12.4-4.el6_4.1.x86_64.rpmLinux
(RHSA-2013:1274) Important: hplip security update libsane-hpaio-3.12.4-4.el6_4.1.i686.rpmLinux
(RHSA-2013:1274) Important: hplip security update libsane-hpaio-3.12.4-4.el6_4.1.x86_64.rpmLinux
Multiple Vulnerabilities affected in linux_imaging_and_printing_project 2.7.10NCM
Multiple Vulnerabilities affected in linux_imaging_and_printing_project 3.10.9NCM
Multiple Vulnerabilities affected in linux_imaging_and_printing_project 3.11.5NCM
Multiple Vulnerabilities affected in linux_imaging_and_printing_project 3.11.7NCM
Vulnerabilities CVE-2011-2722 ,CVE-2012-6108 ,CVE-2013-0200 ,CVE-2013-4325 ,CVE-2013-6402 are affected in linux_imaging_and_printing_project 2.0NCM
Vulnerabilities CVE-2011-2722 ,CVE-2012-6108 ,CVE-2013-0200 ,CVE-2013-4325 ,CVE-2013-6402 are affected in linux_imaging_and_printing_project 1.0NCM
Multiple Vulnerabilities affected in linux_imaging_and_printing_project 3.11.3aNCM
Multiple Vulnerabilities affected in linux_imaging_and_printing_project 3.11.3NCM
Multiple Vulnerabilities affected in linux_imaging_and_printing_project 3.11.1NCM
Multiple Vulnerabilities affected in linux_imaging_and_printing_project 3.10.6NCM
Multiple Vulnerabilities affected in linux_imaging_and_printing_project 3.10.5NCM
Multiple Vulnerabilities affected in linux_imaging_and_printing_project 3.10.2NCM
Multiple Vulnerabilities affected in linux_imaging_and_printing_project 3.9.12NCM
Multiple Vulnerabilities affected in linux_imaging_and_printing_project 3.9.10NCM
Multiple Vulnerabilities affected in linux_imaging_and_printing_project 3.9.8NCM
Multiple Vulnerabilities affected in linux_imaging_and_printing_project 3.9.6NCM
Multiple Vulnerabilities affected in linux_imaging_and_printing_project 3.9.4bNCM
Multiple Vulnerabilities affected in linux_imaging_and_printing_project 3.9.4NCM
Multiple Vulnerabilities affected in linux_imaging_and_printing_project 3.9.2NCM
Vulnerabilities CVE-2012-6108 ,CVE-2013-4325 ,CVE-2013-6402 ,CVE-2013-6427 are affected in linux_imaging_and_printing_project 3.12.11NCM
Vulnerabilities CVE-2012-6108 ,CVE-2013-4325 ,CVE-2013-6402 ,CVE-2013-6427 are affected in linux_imaging_and_printing_project 3.12.10-aNCM
Vulnerabilities CVE-2012-6108 ,CVE-2013-4325 ,CVE-2013-6402 ,CVE-2013-6427 are affected in linux_imaging_and_printing_project 3.12.10NCM
Vulnerabilities CVE-2012-6108 ,CVE-2013-4325 ,CVE-2013-6402 ,CVE-2013-6427 are affected in linux_imaging_and_printing_project 3.12.9NCM
Vulnerabilities CVE-2012-6108 ,CVE-2013-4325 ,CVE-2013-6402 ,CVE-2013-6427 are affected in linux_imaging_and_printing_project 3.12.6NCM
Vulnerabilities CVE-2012-6108 ,CVE-2013-0200 ,CVE-2013-4325 ,CVE-2013-6402 ,CVE-2013-6427 are affected in linux_imaging_and_printing_project 3.12.4NCM
Vulnerabilities CVE-2012-6108 ,CVE-2013-0200 ,CVE-2013-4325 ,CVE-2013-6402 ,CVE-2013-6427 are affected in linux_imaging_and_printing_project 3.12.2NCM
Vulnerabilities CVE-2012-6108 ,CVE-2013-0200 ,CVE-2013-4325 ,CVE-2013-6402 ,CVE-2013-6427 are affected in linux_imaging_and_printing_project 3.11.10NCM
Vulnerabilities CVE-2013-4325 ,CVE-2013-6402 ,CVE-2013-6427 are affected in linux_imaging_and_printing_project 3.13.9NCM
Vulnerabilities CVE-2013-4325 ,CVE-2013-6402 ,CVE-2013-6427 are affected in linux_imaging_and_printing_project 3.13.8NCM
Vulnerabilities CVE-2013-4325 ,CVE-2013-6402 ,CVE-2013-6427 are affected in linux_imaging_and_printing_project 3.13.7NCM
Vulnerabilities CVE-2013-4325 ,CVE-2013-6402 ,CVE-2013-6427 are affected in linux_imaging_and_printing_project 3.13.6NCM
Vulnerabilities CVE-2013-4325 ,CVE-2013-6402 ,CVE-2013-6427 are affected in linux_imaging_and_printing_project 3.13.5NCM
Vulnerabilities CVE-2013-4325 ,CVE-2013-6402 ,CVE-2013-6427 are affected in linux_imaging_and_printing_project 3.13.4NCM
Vulnerabilities CVE-2013-4325 ,CVE-2013-6402 ,CVE-2013-6427 are affected in linux_imaging_and_printing_project 3.13.3NCM
Vulnerabilities CVE-2013-4325 ,CVE-2013-6402 ,CVE-2013-6427 are affected in linux_imaging_and_printing_project 3.13.2NCM
CVE-2013-4325NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234