CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 1CVE-2015-3643 – usb-creator 0.2.x (Ubuntu 12.04/14.04/14.10) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-3643
usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call check_polkit for the KVMTest method. usb-creator en versiones anteriores a 0.2.38.3ubuntu0.1 en Ubuntu 12.04 LTS, en versiones anteriores a 0.2.56.3ubuntu0.1 en Ubuntu 14.04 LTS, en versiones anteriores a 0.2.62ubuntu0.3 en Ubuntu 14.10 y en versiones anteriores a 0.2.67ubuntu0.1 en Ubuntu 15.04 permite que los usuarios locales obtengan privilegios aprovechando que el método KVMTest se olvida de llamar a la función check_polkit. • https://www.exploit-db.com/exploits/36820 http://www.openwall.com/lists/oss-security/2015/04/22/12 http://www.openwall.com/lists/oss-security/2015/05/04/3 http://www.securityfocus.com/bid/74304 https://bazaar.launchpad.net/~usb-creator-hackers/usb-creator/trunk/revision/470 https://usn.ubuntu.com/usn/usn-2576-1 https://usn.ubuntu.com/usn/usn-2576-2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.6EPSS: 0%CPEs: 7EXPL: 0CVE-2013-1063
https://notcve.org/view.php?id=CVE-2013-1063
usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and 0.2.38 before 0.2.38.2 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288. usb-creator 0.2.47 anterior a la versión 0.2.47.1, 0.2.40 anterior a 0.2.40ubuntu2, y 0.2.38 anterior a la versión 0.2.38.2 no utiliza adecuadamente D-Bus para la comunicación con una autoridad polkit, lo que permite a usuarios locales evadir restricciones de acceso intencionadas mediante el aprovechamiento de una condición de carrera PolkitUnixProcess PolkitSubject a través de un (1) proceso setuid o (2) un proceso pkexec, problema relacionado con CVE-2013-4288. • http://secunia.com/advisories/54901 http://www.ubuntu.com/usn/USN-1963-1 https://launchpad.net/ubuntu/+source/usb-creator/0.2.38.2 https://launchpad.net/ubuntu/+source/usb-creator/0.2.40ubuntu2 https://launchpad.net/ubuntu/+source/usb-creator/0.2.47.1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 2.1EPSS: 0%CPEs: 46EXPL: 0CVE-2011-1828
https://notcve.org/view.php?id=CVE-2011-1828
usb-creator-helper in usb-creator before 0.2.28.3 does not enforce intended PolicyKit restrictions, which allows local users to perform arbitrary unmount operations via the UnmountFile method in a dbus-send command. usb-creator-helper en usb-creator before v0.2.28.3 no obliga a cumplir las restricciones de PolicyKit, que permite a usuarios locales realizar operaciones arbitrarias de desmontaje a través del método UnmountFile en un comando dbus-send. • http://secunia.com/advisories/44413 http://www.securityfocus.com/bid/47679 http://www.ubuntu.com/usn/usn-1127-1 http://www.vupen.com/english/advisories/2011/1143 https://exchange.xforce.ibmcloud.com/vulnerabilities/67241 https://launchpad.net/bugs/771553 • CWE-264: Permissions, Privileges, and Access Controls •