CyberSec.Space Logo
返回 CVE 浏览器

CVE-2017-7572

HIGH
8.1
CVSS Severity Score
EPSS Score0.0500%
EPSS Percentile35.97th
Published2017年4月6日
Last Modified2026年5月13日

Vulnerability Description

The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester.

Affected Platforms (CPE)

📦
Backintime Project

Backintime

<= 1.1.18

References & Advisories

🔗 https://github.com/bit-team/backintime/commit/7f208dc547f569b689c888103e3b593a48cd1869
🔗 https://github.com/bit-team/backintime/commit/7f208dc547f569b689c888103e3b593a48cd1869

相关漏洞威胁

CVE-2017-166677.8

backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' com...

CVE-2009-36117.1

common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an ol...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...