CVE-2013-1063
https://notcve.org/view.php?id=CVE-2013-1063
usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. usb-creator 0.2.47 anterior a la versión 0.2.47.1, 0.2.40 anterior a 0.2.40ubuntu2, y 0.2.38 anterior a la versión 0.2.38.2 no utiliza adecuadamente D-Bus para la comunicación con una autoridad polkit, lo que permite a usuarios locales evadir restricciones de acceso intencionadas mediante el aprovechamiento de una condición de carrera PolkitUnixProcess PolkitSubject a través de un (1) proceso setuid o (2) un proceso pkexec, problema relacionado con CVE-2013-4288. • http://secunia.com/advisories/54901 http://www.ubuntu.com/usn/USN-1963-1 https://launchpad.net/ubuntu/+source/usb-creator/0.2.38.2 https://launchpad.net/ubuntu/+source/usb-creator/0.2.40ubuntu2 https://launchpad.net/ubuntu/+source/usb-creator/0.2.47.1 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-1828
https://notcve.org/view.php?id=CVE-2011-1828
usb-creator-helper in usb-creator before 0.2.28.3 does not enforce intended PolicyKit restrictions, which allows local users to perform arbitrary unmount operations via the UnmountFile method in a dbus-send command. usb-creator-helper en usb-creator before v0.2.28.3 no obliga a cumplir las restricciones de PolicyKit, que permite a usuarios locales realizar operaciones arbitrarias de desmontaje a través del método UnmountFile en un comando dbus-send. • http://secunia.com/advisories/44413 http://www.securityfocus.com/bid/47679 http://www.ubuntu.com/usn/usn-1127-1 http://www.vupen.com/english/advisories/2011/1143 https://exchange.xforce.ibmcloud.com/vulnerabilities/67241 https://launchpad.net/bugs/771553 • CWE-264: Permissions, Privileges, and Access Controls •