Mandriva Linux Security Advisory : polkit (MDVSA-2013:243)
High Nessus Plugin ID 70185
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated polkit packages fix security vulnerability :
A race condition was found in the way the PolicyKit pkcheck utility checked process authorization when the process was specified by its process ID via the --process option. A local user could use this flaw to bypass intended PolicyKit authorizations and escalate their privileges (CVE-2013-4288).
Note: Applications that invoke pkcheck with the --process option need to be modified to use the pid,pid-start-time,uid argument for that option, to allow pkcheck to check process authorization correctly.
Because of the change in the PolicyKit API, hplip (CVE-2013-4325), rtkit (CVE-2013-4326), and systemd (CVE-2013-4327) packages have been updated to use a different API that is not affected by this PolicyKit vulnerability.
SolutionUpdate the affected packages.