How severe is CVE-2017-7572?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2017-7572?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2017-7572 - HIGH Severity | CVSS 8.1

Vulnerability Description

The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester.

Related Vulnerabilities

CVE-2005-2352

HIGH

CVSS:8.1(High)

I race condition in Temp files was found in gs-gpl before 8.56 addons scripts.

CWE-3622005

CVE-2006-4245

HIGH

CVSS:8.1(High)

archivemail 0.6.2 uses temporary files insecurely leading to a possible race condition.

CWE-3622006

CVE-2009-4011

HIGH

CVSS:8.1(High)

dtc-xen 0.5.x before 0.5.4 suffers from a race condition where an attacker could potentially get a bash access as xenXX user on the dom0, and then access a potentially reuse an already opened VPS cons...

CWE-3622009

CVE-2014-3701

HIGH

CVSS:8.1(High)

eDeploy has tmp file race condition flaws

CWE-3622014

CVE-2014-9748

HIGH

CVSS:8.1(High)

The uv_rwlock_t fallback implementation for Windows XP and Server 2003 in libuv before 1.7.4 does not properly prevent threads from releasing the locks of other threads, which allows attackers to caus...

CWE-3622014

CVE-2015-1340

HIGH

CVSS:8.1(High)

LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause an...

CWE-3622015