CVE-2013-4327

EPSS 0.03%

systemd - several

Published: 10/3/2013Modified: 4/28/2026

Description

systemd does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288.

Affected packages (2)

Debian/systemdfrom 0, < 204-5
Debian/systemdfrom 0, < 44-11+deb7u4

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2013-4327