CVE-2013-4325
EPSS 0.07%
Description
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process.
How to fix CVE-2013-4325
To remediate CVE-2013-4325, upgrade the affected package to a fixed version below.
- Debian/hplip—upgrade to 3.13.9-1 or later
Is CVE-2013-4325 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.13.9-1