CVE-2013-4327
systemd < 207 - Local Privilege Escalation via PolkitUnixProcess Race Condition
Title source: llmDescription
systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.
References (4)
Core 4
Core References
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1961-1
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/09/18/6
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2013/dsa-2777
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1006680
Scores
EPSS
0.0030
EPSS Percentile
21.9%
Details
CWE
CWE-362
Status
published
Products (3)
canonical/ubuntu_linux
13.04
debian/debian_linux
7.0
systemd_project/systemd
< 207
Published
Oct 03, 2013
Tracked Since
Feb 18, 2026