Search criteria
33 vulnerabilities found for polkit by polkit_project
FKIE_CVE-2021-4115
Vulnerability from fkie_nvd - Published: 2022-02-21 22:15 - Updated: 2024-11-21 06:36
Severity ?
Summary
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| polkit_project | polkit | 0.117 | |
| redhat | enterprise_linux | 8.0 | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| canonical | ubuntu_linux | 20.04 | |
| canonical | ubuntu_linux | 21.10 | |
| debian | debian_linux | 11.0 | |
| oracle | zfs_storage_appliance_kit | 8.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:polkit_project:polkit:0.117:*:*:*:*:*:*:*",
"matchCriteriaId": "54D39B43-A973-42A3-BD6E-F5613BBB9421",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE4D2D0-CEEB-416F-8BC5-A7987DF56190",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned"
},
{
"lang": "es",
"value": "Se presenta un fallo en polkit que puede permitir a un usuario no privilegiado causar un bloqueo de polkit, debido al agotamiento del descriptor de archivos del proceso. La mayor amenaza de esta vulnerabilidad es la disponibilidad. NOTA: La duraci\u00f3n de la interrupci\u00f3n del proceso de polkit est\u00e1 ligada al proceso que falla y a la creaci\u00f3n de uno nuevo"
}
],
"id": "CVE-2021-4115",
"lastModified": "2024-11-21T06:36:55.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-21T22:15:07.743",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://packetstormsecurity.com/files/172849/polkit-File-Descriptor-Exhaustion.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2021-4115"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.com/redhat/centos-stream/rpms/polkit/-/merge_requests/6/diffs?commit_id=bf900df04dc390d389e59aa10942b0f2b15c531e"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/-/issues/141"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGKWCBS6IDZYYDYM2WIWJM5BL7QQTWPF/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/172849/polkit-File-Descriptor-Exhaustion.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2021-4115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.com/redhat/centos-stream/rpms/polkit/-/merge_requests/6/diffs?commit_id=bf900df04dc390d389e59aa10942b0f2b15c531e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/-/issues/141"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGKWCBS6IDZYYDYM2WIWJM5BL7QQTWPF/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-3560
Vulnerability from fkie_nvd - Published: 2022-02-16 19:15 - Updated: 2025-11-06 14:50
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| polkit_project | polkit | * | |
| debian | debian_linux | 11.0 | |
| canonical | ubuntu_linux | 20.04 | |
| redhat | virtualization | 4.0 | |
| redhat | virtualization_host | 4.0 | |
| redhat | enterprise_linux | 8.0 | |
| redhat | openshift_container_platform | 4.7 | |
| redhat | enterprise_linux | 7.0 | |
| redhat | enterprise_linux | 8.0 |
{
"cisaActionDue": "2023-06-02",
"cisaExploitAdd": "2023-05-12",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Red Hat Polkit Incorrect Authorization Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "771AB1EA-D17C-4DFC-9A97-B197F1771818",
"versionEndExcluding": "0.119",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:*:*:*:*",
"matchCriteriaId": "8E442013-EBF8-44F2-AAAA-B23816F3230E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF53D2-B585-4EA5-8F18-21BC9ECBB4B6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
},
{
"lang": "es",
"value": "Se ha detectado que polkit pod\u00eda ser enga\u00f1ado para omitir las comprobaciones de credenciales para las peticiones de D-Bus, elevando los privilegios del solicitante al usuario root. Este fallo podr\u00eda ser usado por un atacante local no privilegiado para, por ejemplo, crear un nuevo administrador local. La mayor amenaza de esta vulnerabilidad es para la confidencialidad e integridad de los datos, as\u00ed como para la disponibilidad del sistema"
}
],
"id": "CVE-2021-3560",
"lastModified": "2025-11-06T14:50:43.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-02-16T19:15:08.450",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3560"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-4034
Vulnerability from fkie_nvd - Published: 2022-01-28 20:15 - Updated: 2025-11-06 14:50
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
References
Impacted products
{
"cisaActionDue": "2022-07-18",
"cisaExploitAdd": "2022-06-27",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Red Hat Polkit Out-of-Bounds Read and Write Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F01D94C9-1E04-413B-8636-1AAC6D9E84D6",
"versionEndExcluding": "121",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "CB70A2F8-EAB3-4898-9353-F679FF721C82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EB3AC848-C2D0-4878-8619-F5815173555D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "566507B6-AC95-47F7-A3FB-C6F414E45F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87C21FE1-EA5C-498F-9C6C-D05F91A88217",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB105EC-19F9-424A-86F1-305A6FD74A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8C9BD9AE-46FC-4609-8D99-A3CFE91D58D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A684C7-88FD-43C4-9BDB-AE337FCBD0AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "47811209-5CE5-4375-8391-B0A7F6A0E420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EB6F417-25D0-4A28-B7BA-D21929EAA9E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5C80DB2-4A78-4EC9-B2A8-1E4D902C4834",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "983533DD-3970-4A37-9A9C-582BD48AA1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "61917784-47F1-4328-BA1F-A88C5E23496B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "48C2E003-A71C-4D06-B8B3-F93160568182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3921C1CF-A16D-4727-99AD-03EFFA7C91CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BC6DD887-9744-43EA-8B3C-44C6B6339590",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AAE4D2D0-CEEB-416F-8BC5-A7987DF56190",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7305944-AC9C-47A3-AADF-71A8B24830D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:-:*:*:*",
"matchCriteriaId": "CDFEA8DC-7D78-4ACD-A95C-9408F45EEAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9910C73A-3BCD-4F56-8C7D-79CB289640A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B5810E98-7BF5-42E2-9DE9-661049ABE367",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:15:sp2:*:*:*:*:*:*",
"matchCriteriaId": "8C4F62C0-4188-433A-8292-559025CA23C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:-:*:*",
"matchCriteriaId": "07D416C5-4A0F-4EF3-A3DE-A028AAA4F739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:sap:*:*",
"matchCriteriaId": "F6C1736B-0505-4C19-98B7-90C8359F3BCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5:*:*:*:*:*:*",
"matchCriteriaId": "243B9B56-C744-4C1C-B42E-158C1B041B6A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinumerik_edge:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D069EA07-88A5-4058-A2BC-44F94D9ACC9A",
"versionEndExcluding": "3.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC41AD4-69E5-48D8-8216-671F485C3C40",
"versionEndExcluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52A77C9D-E59C-4397-B834-797D7B334A6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871:*:*:*:*:*:*",
"matchCriteriaId": "B323EF31-7A67-4458-8323-86F8AA58268C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338:*:*:*:*:*:*",
"matchCriteriaId": "14AF427F-BC75-40C7-9579-34A74E2E475D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de escalada de privilegios local en la utilidad pkexec de polkit. La aplicaci\u00f3n pkexec es una herramienta setuid dise\u00f1ada para permitir a usuarios sin privilegios ejecutar comandos como usuarios privilegiados de acuerdo con pol\u00edticas predefinidas. La versi\u00f3n actual de pkexec no maneja correctamente el recuento de par\u00e1metros de llamada y termina intentando ejecutar variables de entorno como comandos. Un atacante puede aprovechar esto creando variables de entorno de tal manera que induzcan a pkexec a ejecutar c\u00f3digo arbitrario. Cuando se ejecuta con \u00e9xito, el ataque puede provocar una escalada de privilegios locales otorgando a los usuarios sin privilegios derechos administrativos en la m\u00e1quina de destino."
}
],
"id": "CVE-2021-4034",
"lastModified": "2025-11-06T14:50:26.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-01-28T20:15:12.193",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.suse.com/support/kb/doc/?id=000020564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.suse.com/support/kb/doc/?id=000020564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-6133
Vulnerability from fkie_nvd - Published: 2019-01-11 14:29 - Updated: 2024-11-21 04:46
Severity ?
Summary
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| polkit_project | polkit | 0.115 | |
| debian | debian_linux | 8.0 | |
| redhat | enterprise_linux_desktop | 7.0 | |
| redhat | enterprise_linux_server | 7.0 | |
| redhat | enterprise_linux_server_aus | 7.6 | |
| redhat | enterprise_linux_server_eus | 7.6 | |
| redhat | enterprise_linux_server_tus | 7.6 | |
| redhat | enterprise_linux_workstation | 7.0 | |
| redhat | enterprise_linux_desktop | 6.0 | |
| redhat | enterprise_linux_server | 6.0 | |
| redhat | enterprise_linux_server_aus | 6.6 | |
| redhat | enterprise_linux_workstation | 6.0 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:polkit_project:polkit:0.115:*:*:*:*:*:*:*",
"matchCriteriaId": "94D3160D-6DB5-46D3-8A98-010D2095587A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In PolicyKit (aka polkit) 0.115, the \"start time\" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c."
},
{
"lang": "es",
"value": "En PolicyKit (tambi\u00e9n conocido como polkit) 0.115, el mecanismo de protecci\u00f3n \"start time\" puede omitirse debido a que fork() no es at\u00f3mico y, por lo tanto, las decisiones de autorizaci\u00f3n se cachean incorrectamente. Esto est\u00e1 relacionado con la falta de comprobaci\u00f3n de uid en polkitbackend/polkitbackendinteractiveauthority.c."
}
],
"id": "CVE-2019-6133",
"lastModified": "2024-11-21T04:46:00.397",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-01-11T14:29:00.390",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106537"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0230"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0420"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0832"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2699"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2978"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1692"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K22715344"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3901-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3901-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3903-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3903-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3908-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3908-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3910-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3910-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3934-1/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/3934-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K22715344"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3901-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3901-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3903-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3903-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3908-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3908-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3910-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3910-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3934-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3934-2/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-19788
Vulnerability from fkie_nvd - Published: 2018-12-03 06:29 - Updated: 2024-11-21 03:58
Severity ?
Summary
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| polkit_project | polkit | 0.115 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| canonical | ubuntu_linux | 12.04 | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:polkit_project:polkit:0.115:*:*:*:*:*:*:*",
"matchCriteriaId": "94D3160D-6DB5-46D3-8A98-010D2095587A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command."
},
{
"lang": "es",
"value": "Se ha detectado un fallo en PolicyKit (tambi\u00e9n conocido como polkit) 0.115 que permite que un usuario con una uid mayor que INT_MAX ejecute con \u00e9xito cualquier comando systemctl."
}
],
"id": "CVE-2018-19788",
"lastModified": "2024-11-21T03:58:33.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-03T06:29:00.243",
"references": [
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:2046"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2019:3232"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/915332"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/issues/74"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201908-14"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3861-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3861-2/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:2046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2019:3232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mailing List",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/915332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/issues/74"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201908-14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240816-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3861-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3861-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4350"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-1116
Vulnerability from fkie_nvd - Published: 2018-07-10 19:29 - Updated: 2024-11-21 03:59
Severity ?
Summary
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 8.0 | |
| canonical | ubuntu_linux | 12.04 | |
| polkit_project | polkit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13336913-B816-41AB-AA70-946796DFD13E",
"versionEndExcluding": "0.115",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en versiones anteriores a la 0.116 de polkit. La implementaci\u00f3n de la funci\u00f3n polkit_backend_interactive_authority_check_authorization en polkitd permite probar la autenticaci\u00f3n y desencadenar la autenticaci\u00f3n de procesos no relacionados propiedad de otros usuarios. Esto podr\u00eda resultar en una denegaci\u00f3n de servicio (DoS) local y una divulgaci\u00f3n de informaci\u00f3n."
}
],
"id": "CVE-2018-1116",
"lastModified": "2024-11-21T03:59:12.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-07-10T19:29:00.290",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1116"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cgit.freedesktop.org/polkit/commit/?id=bc7ffad5364"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00042.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201908-14"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3717-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://cgit.freedesktop.org/polkit/commit/?id=bc7ffad5364"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201908-14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3717-2/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-285"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-4625
Vulnerability from fkie_nvd - Published: 2015-10-26 19:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fedoraproject | fedora | 21 | |
| fedoraproject | fedora | 22 | |
| opensuse | opensuse | 13.1 | |
| opensuse | opensuse | 13.2 | |
| polkit_project | polkit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "154D0301-B371-4F38-9DD5-EDBE487A37C8",
"versionEndIncluding": "0.112",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value."
},
{
"lang": "es",
"value": "Desbordamiento de entero en la funci\u00f3n authentication_agent_new_cookie en PolicyKit (tambi\u00e9n conocido como polkit) en versiones anteriores a 0.113 permite a usuarios locales obtener privilegios mediante la creaci\u00f3n de un n\u00famero de conexiones grande, lo que desencadena la emisi\u00f3n de un valor de cookie duplicado."
}
],
"id": "CVE-2015-4625",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-26T19:59:05.733",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-June/000427.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/06/08/3"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/06/09/1"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2015/06/16/21"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/75267"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id/1035023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-June/000427.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/06/08/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/06/09/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2015/06/16/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/75267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035023"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-3256
Vulnerability from fkie_nvd - Published: 2015-10-26 19:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "154D0301-B371-4F38-9DD5-EDBE487A37C8",
"versionEndIncluding": "0.112",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to \"javascript rule evaluation.\""
},
{
"lang": "es",
"value": "PolicyKit (tambi\u00e9n conocido como polkit) en versiones anteriores a 0.113 permite a usuarios locales provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda del demonio polkitd) y posiblemente obtener privilegios a trav\u00e9s de vectores no especificados, relacionado con \u0027regla de evaluaci\u00f3n javascript\u0027."
}
],
"id": "CVE-2015-3256",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-26T19:59:04.590",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0189.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/77356"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1035023"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0189.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/77356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245684"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-3255
Vulnerability from fkie_nvd - Published: 2015-10-26 19:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| polkit_project | polkit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "154D0301-B371-4F38-9DD5-EDBE487A37C8",
"versionEndIncluding": "0.112",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions."
},
{
"lang": "es",
"value": "La funci\u00f3n polkit_backend_action_pool_init en polkitbackend/polkitbackendactionpool.c en PolicyKit (tambi\u00e9n conocido como polkit) en versiones anteriores a 0.113 podr\u00eda permitir a usuarios locales obtener privilegios a trav\u00e9s de IDs de acci\u00f3n duplicados en descripciones de acci\u00f3n."
}
],
"id": "CVE-2015-3255",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-26T19:59:02.887",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1035023"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=83590"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245673"
},
{
"source": "secalert@redhat.com",
"url": "https://security.gentoo.org/glsa/201611-07"
},
{
"source": "secalert@redhat.com",
"url": "https://usn.ubuntu.com/3717-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=83590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201611-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3717-2/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2015-3218
Vulnerability from fkie_nvd - Published: 2015-10-26 19:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| polkit_project | polkit | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "154D0301-B371-4F38-9DD5-EDBE487A37C8",
"versionEndIncluding": "0.112",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path."
},
{
"lang": "es",
"value": "La funci\u00f3n authentication_agent_new en polkitbackend/polkitbackendinteractiveauthority.c en PolicyKit (tambi\u00e9n conocido como polkit) en versiones anteriores a 0.113 permite a usuarios locales provocar una denegaci\u00f3n de servicio (referencia a puntero NULL y ca\u00edda de demonio polkitd) llamando a RegisterAuthenticationAgent con una ruta de objeto no v\u00e1lida."
}
],
"evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/476.html\"\u003eCWE-476: NULL Pointer Dereference\u003c/a\u003e",
"id": "CVE-2015-3218",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-10-26T19:59:00.107",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/76086"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1035023"
},
{
"source": "secalert@redhat.com",
"url": "https://usn.ubuntu.com/3717-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1035023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3717-1/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-4115 (GCVE-0-2021-4115)
Vulnerability from cvelistv5 – Published: 2022-02-21 00:00 – Updated: 2024-08-03 17:16
VLAI?
Summary
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned
Severity ?
No CVSS data available.
CWE
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2021-4115"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/-/issues/141"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/redhat/centos-stream/rpms/polkit/-/merge_requests/6/diffs?commit_id=bf900df04dc390d389e59aa10942b0f2b15c531e"
},
{
"name": "FEDORA-2022-5e6d5fe680",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGKWCBS6IDZYYDYM2WIWJM5BL7QQTWPF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172849/polkit-File-Descriptor-Exhaustion.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polkitd",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "0.117"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://access.redhat.com/security/cve/cve-2021-4115"
},
{
"url": "https://gitlab.freedesktop.org/polkit/polkit/-/issues/141"
},
{
"url": "https://gitlab.com/redhat/centos-stream/rpms/polkit/-/merge_requests/6/diffs?commit_id=bf900df04dc390d389e59aa10942b0f2b15c531e"
},
{
"name": "FEDORA-2022-5e6d5fe680",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGKWCBS6IDZYYDYM2WIWJM5BL7QQTWPF/"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "http://packetstormsecurity.com/files/172849/polkit-File-Descriptor-Exhaustion.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4115",
"datePublished": "2022-02-21T00:00:00",
"dateReserved": "2021-12-14T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3560 (GCVE-0-2021-3560)
Vulnerability from cvelistv5 – Published: 2022-02-16 00:00 – Updated: 2025-10-21 23:15
VLAI?
Summary
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity ?
7.8 (High)
CWE
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:06.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-3560",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T21:24:12.585039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-05-12",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3560"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:46.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3560"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-12T00:00:00+00:00",
"value": "CVE-2021-3560 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "polkit",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "polkit 0.119"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T06:06:22.689Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710"
},
{
"url": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/"
},
{
"url": "http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html"
},
{
"url": "http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3560",
"datePublished": "2022-02-16T00:00:00.000Z",
"dateReserved": "2021-05-20T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:46.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4034 (GCVE-0-2021-4034)
Vulnerability from cvelistv5 – Published: 2022-01-28 00:00 – Updated: 2025-10-21 23:15
VLAI?
Summary
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Severity ?
7.8 (High)
CWE
- CWE-787 - (CWE-787|CWE-125)
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-23T18:05:54.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.suse.com/support/kb/doc/?id=000020564"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-4034",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-12T10:21:57.857346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-06-27",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:48.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-06-27T00:00:00+00:00",
"value": "CVE-2021-4034 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "polkit",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "(CWE-787|CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T00:16:44.133Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
},
{
"url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
},
{
"url": "https://www.suse.com/support/kb/doc/?id=000020564"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
},
{
"url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
},
{
"url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4034",
"datePublished": "2022-01-28T00:00:00.000Z",
"dateReserved": "2021-11-29T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:48.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6133 (GCVE-0-2019-6133)
Vulnerability from cvelistv5 – Published: 2019-01-11 14:00 – Updated: 2024-08-04 20:16
VLAI?
Summary
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:23.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81"
},
{
"name": "USN-3903-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3903-2/"
},
{
"name": "RHSA-2019:0230",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0230"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf"
},
{
"name": "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
},
{
"name": "USN-3910-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3910-1/"
},
{
"name": "USN-3901-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3901-2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1692"
},
{
"name": "USN-3910-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3910-2/"
},
{
"name": "RHSA-2019:0420",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0420"
},
{
"name": "USN-3908-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3908-2/"
},
{
"name": "USN-3901-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3901-1/"
},
{
"name": "USN-3903-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3903-1/"
},
{
"name": "106537",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106537"
},
{
"name": "USN-3908-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3908-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K22715344"
},
{
"name": "USN-3934-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3934-1/"
},
{
"name": "RHSA-2019:0832",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0832"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
},
{
"name": "openSUSE-SU-2019:1914",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html"
},
{
"name": "USN-3934-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3934-2/"
},
{
"name": "RHSA-2019:2699",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2699"
},
{
"name": "RHSA-2019:2978",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2978"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In PolicyKit (aka polkit) 0.115, the \"start time\" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-08T12:06:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81"
},
{
"name": "USN-3903-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3903-2/"
},
{
"name": "RHSA-2019:0230",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0230"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf"
},
{
"name": "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
},
{
"name": "USN-3910-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3910-1/"
},
{
"name": "USN-3901-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3901-2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1692"
},
{
"name": "USN-3910-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3910-2/"
},
{
"name": "RHSA-2019:0420",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0420"
},
{
"name": "USN-3908-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3908-2/"
},
{
"name": "USN-3901-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3901-1/"
},
{
"name": "USN-3903-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3903-1/"
},
{
"name": "106537",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106537"
},
{
"name": "USN-3908-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3908-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K22715344"
},
{
"name": "USN-3934-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3934-1/"
},
{
"name": "RHSA-2019:0832",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0832"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
},
{
"name": "openSUSE-SU-2019:1914",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html"
},
{
"name": "USN-3934-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3934-2/"
},
{
"name": "RHSA-2019:2699",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2699"
},
{
"name": "RHSA-2019:2978",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2978"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PolicyKit (aka polkit) 0.115, the \"start time\" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81"
},
{
"name": "USN-3903-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3903-2/"
},
{
"name": "RHSA-2019:0230",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0230"
},
{
"name": "https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf",
"refsource": "MISC",
"url": "https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf"
},
{
"name": "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
},
{
"name": "USN-3910-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3910-1/"
},
{
"name": "USN-3901-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3901-2/"
},
{
"name": "https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1692",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1692"
},
{
"name": "USN-3910-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3910-2/"
},
{
"name": "RHSA-2019:0420",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0420"
},
{
"name": "USN-3908-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3908-2/"
},
{
"name": "USN-3901-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3901-1/"
},
{
"name": "USN-3903-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3903-1/"
},
{
"name": "106537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106537"
},
{
"name": "USN-3908-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3908-1/"
},
{
"name": "https://support.f5.com/csp/article/K22715344",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K22715344"
},
{
"name": "USN-3934-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3934-1/"
},
{
"name": "RHSA-2019:0832",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0832"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
},
{
"name": "openSUSE-SU-2019:1914",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html"
},
{
"name": "USN-3934-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3934-2/"
},
{
"name": "RHSA-2019:2699",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2699"
},
{
"name": "RHSA-2019:2978",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2978"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6133",
"datePublished": "2019-01-11T14:00:00",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-08-04T20:16:23.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19788 (GCVE-0-2018-19788)
Vulnerability from cvelistv5 – Published: 2018-12-03 06:00 – Updated: 2024-08-29 15:55
VLAI?
Summary
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-16T17:02:35.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3861-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3861-1/"
},
{
"name": "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
},
{
"name": "USN-3861-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3861-2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/915332"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/issues/74"
},
{
"name": "DSA-4350",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4350"
},
{
"name": "RHSA-2019:2046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2046"
},
{
"name": "GLSA-201908-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-14"
},
{
"name": "RHSA-2019:3232",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3232"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240816-0001/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-19788",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T15:55:23.213536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T15:55:31.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T16:06:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3861-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3861-1/"
},
{
"name": "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
},
{
"name": "USN-3861-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3861-2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/915332"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/issues/74"
},
{
"name": "DSA-4350",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4350"
},
{
"name": "RHSA-2019:2046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2046"
},
{
"name": "GLSA-201908-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-14"
},
{
"name": "RHSA-2019:3232",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3232"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3861-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3861-1/"
},
{
"name": "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
},
{
"name": "USN-3861-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3861-2/"
},
{
"name": "https://bugs.debian.org/915332",
"refsource": "MISC",
"url": "https://bugs.debian.org/915332"
},
{
"name": "https://gitlab.freedesktop.org/polkit/polkit/issues/74",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/polkit/polkit/issues/74"
},
{
"name": "DSA-4350",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4350"
},
{
"name": "RHSA-2019:2046",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2046"
},
{
"name": "GLSA-201908-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-14"
},
{
"name": "RHSA-2019:3232",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3232"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19788",
"datePublished": "2018-12-03T06:00:00",
"dateReserved": "2018-12-02T00:00:00",
"dateUpdated": "2024-08-29T15:55:31.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1116 (GCVE-0-2018-1116)
Vulnerability from cvelistv5 – Published: 2018-07-10 19:00 – Updated: 2024-08-05 03:51
VLAI?
Summary
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.
Severity ?
4.7 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1116"
},
{
"name": "USN-3717-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3717-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cgit.freedesktop.org/polkit/commit/?id=bc7ffad5364"
},
{
"name": "[debian-lts-announce] 20180728 [SECURITY] [DLA-1448-1] policykit-1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00042.html"
},
{
"name": "GLSA-201908-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polkit",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "polkit 0.116"
}
]
}
],
"datePublic": "2018-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T17:06:10",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1116"
},
{
"name": "USN-3717-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3717-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cgit.freedesktop.org/polkit/commit/?id=bc7ffad5364"
},
{
"name": "[debian-lts-announce] 20180728 [SECURITY] [DLA-1448-1] policykit-1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00042.html"
},
{
"name": "GLSA-201908-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polkit",
"version": {
"version_data": [
{
"version_value": "polkit 0.116"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.7/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1116",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1116"
},
{
"name": "USN-3717-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3717-2/"
},
{
"name": "https://cgit.freedesktop.org/polkit/commit/?id=bc7ffad5364",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/polkit/commit/?id=bc7ffad5364"
},
{
"name": "[debian-lts-announce] 20180728 [SECURITY] [DLA-1448-1] policykit-1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00042.html"
},
{
"name": "GLSA-201908-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1116",
"datePublished": "2018-07-10T19:00:00",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-08-05T03:51:48.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3255 (GCVE-0-2015-3255)
Vulnerability from cvelistv5 – Published: 2015-10-26 19:00 – Updated: 2024-08-06 05:39
VLAI?
Summary
The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201611-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-07"
},
{
"name": "USN-3717-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3717-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245673"
},
{
"name": "openSUSE-SU-2015:1927",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "openSUSE-SU-2015:1734",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "1035023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035023"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=83590"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-27T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201611-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-07"
},
{
"name": "USN-3717-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3717-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245673"
},
{
"name": "openSUSE-SU-2015:1927",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "openSUSE-SU-2015:1734",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "1035023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035023"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=83590"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3255",
"datePublished": "2015-10-26T19:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4625 (GCVE-0-2015-4625)
Vulnerability from cvelistv5 – Published: 2015-10-26 19:00 – Updated: 2024-08-06 06:18
VLAI?
Summary
Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[polkit-devel] 20150603 Agent Authentication Question",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-June/000427.html"
},
{
"name": "75267",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75267"
},
{
"name": "FEDORA-2015-11058",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"name": "openSUSE-SU-2015:1927",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "FEDORA-2015-11743",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "[oss-security] 20150609 Re: CVE request for polkit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/09/1"
},
{
"name": "openSUSE-SU-2015:1734",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "[oss-security] 20150608 CVE request for polkit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/08/3"
},
{
"name": "[polkit-devel] 20150529 Agent Authentication Question",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html"
},
{
"name": "[oss-security] 20150616 Re: CVE request for polkit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/16/21"
},
{
"name": "1035023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T22:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[polkit-devel] 20150603 Agent Authentication Question",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-June/000427.html"
},
{
"name": "75267",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75267"
},
{
"name": "FEDORA-2015-11058",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"name": "openSUSE-SU-2015:1927",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "FEDORA-2015-11743",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "[oss-security] 20150609 Re: CVE request for polkit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/09/1"
},
{
"name": "openSUSE-SU-2015:1734",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "[oss-security] 20150608 CVE request for polkit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/08/3"
},
{
"name": "[polkit-devel] 20150529 Agent Authentication Question",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html"
},
{
"name": "[oss-security] 20150616 Re: CVE request for polkit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/16/21"
},
{
"name": "1035023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035023"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[polkit-devel] 20150603 Agent Authentication Question",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-June/000427.html"
},
{
"name": "75267",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75267"
},
{
"name": "FEDORA-2015-11058",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"name": "openSUSE-SU-2015:1927",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "FEDORA-2015-11743",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "[oss-security] 20150609 Re: CVE request for polkit",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/09/1"
},
{
"name": "openSUSE-SU-2015:1734",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "[oss-security] 20150608 CVE request for polkit",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/08/3"
},
{
"name": "[polkit-devel] 20150529 Agent Authentication Question",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html"
},
{
"name": "[oss-security] 20150616 Re: CVE request for polkit",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/16/21"
},
{
"name": "1035023",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035023"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4625",
"datePublished": "2015-10-26T19:00:00",
"dateReserved": "2015-06-16T00:00:00",
"dateUpdated": "2024-08-06T06:18:12.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3256 (GCVE-0-2015-3256)
Vulnerability from cvelistv5 – Published: 2015-10-26 19:00 – Updated: 2024-08-06 05:39
VLAI?
Summary
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245684"
},
{
"name": "RHSA-2016:0189",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0189.html"
},
{
"name": "77356",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77356"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2015:1927",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "openSUSE-SU-2015:1734",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "1035023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to \"javascript rule evaluation.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T22:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245684"
},
{
"name": "RHSA-2016:0189",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0189.html"
},
{
"name": "77356",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77356"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2015:1927",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "openSUSE-SU-2015:1734",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "1035023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3256",
"datePublished": "2015-10-26T19:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3218 (GCVE-0-2015-3218)
Vulnerability from cvelistv5 – Published: 2015-10-26 19:00 – Updated: 2024-08-06 05:39
VLAI?
Summary
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[polkit-devel] 20150529 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html"
},
{
"name": "USN-3717-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3717-1/"
},
{
"name": "FEDORA-2015-11058",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"name": "openSUSE-SU-2015:1927",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "FEDORA-2015-11743",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "76086",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76086"
},
{
"name": "openSUSE-SU-2015:1734",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "1035023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035023"
},
{
"name": "[polkit-devel] 20150630 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-17T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[polkit-devel] 20150529 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html"
},
{
"name": "USN-3717-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3717-1/"
},
{
"name": "FEDORA-2015-11058",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"name": "openSUSE-SU-2015:1927",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "FEDORA-2015-11743",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "76086",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76086"
},
{
"name": "openSUSE-SU-2015:1734",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "1035023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035023"
},
{
"name": "[polkit-devel] 20150630 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3218",
"datePublished": "2015-10-26T19:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:31.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4115 (GCVE-0-2021-4115)
Vulnerability from nvd – Published: 2022-02-21 00:00 – Updated: 2024-08-03 17:16
VLAI?
Summary
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2021-4115"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/-/issues/141"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/redhat/centos-stream/rpms/polkit/-/merge_requests/6/diffs?commit_id=bf900df04dc390d389e59aa10942b0f2b15c531e"
},
{
"name": "FEDORA-2022-5e6d5fe680",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGKWCBS6IDZYYDYM2WIWJM5BL7QQTWPF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172849/polkit-File-Descriptor-Exhaustion.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polkitd",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "0.117"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T00:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://access.redhat.com/security/cve/cve-2021-4115"
},
{
"url": "https://gitlab.freedesktop.org/polkit/polkit/-/issues/141"
},
{
"url": "https://gitlab.com/redhat/centos-stream/rpms/polkit/-/merge_requests/6/diffs?commit_id=bf900df04dc390d389e59aa10942b0f2b15c531e"
},
{
"name": "FEDORA-2022-5e6d5fe680",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VGKWCBS6IDZYYDYM2WIWJM5BL7QQTWPF/"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "http://packetstormsecurity.com/files/172849/polkit-File-Descriptor-Exhaustion.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4115",
"datePublished": "2022-02-21T00:00:00",
"dateReserved": "2021-12-14T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3560 (GCVE-0-2021-3560)
Vulnerability from nvd – Published: 2022-02-16 00:00 – Updated: 2025-10-21 23:15
VLAI?
Summary
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity ?
7.8 (High)
CWE
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:01:06.571Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-3560",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T21:24:12.585039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-05-12",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3560"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:46.259Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3560"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-05-12T00:00:00+00:00",
"value": "CVE-2021-3560 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "polkit",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "polkit 0.119"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-12T06:06:22.689Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710"
},
{
"url": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/"
},
{
"url": "http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html"
},
{
"url": "http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3560",
"datePublished": "2022-02-16T00:00:00.000Z",
"dateReserved": "2021-05-20T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:46.259Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4034 (GCVE-0-2021-4034)
Vulnerability from nvd – Published: 2022-01-28 00:00 – Updated: 2025-10-21 23:15
VLAI?
Summary
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Severity ?
7.8 (High)
CWE
- CWE-787 - (CWE-787|CWE-125)
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-09-23T18:05:54.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.suse.com/support/kb/doc/?id=000020564"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-4034",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-12T10:21:57.857346Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-06-27",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:48.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-06-27T00:00:00+00:00",
"value": "CVE-2021-4034 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "polkit",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A local privilege escalation vulnerability was found on polkit\u0027s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn\u0027t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it\u0027ll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "(CWE-787|CWE-125)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-18T00:16:44.133Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://access.redhat.com/security/vulnerabilities/RHSB-2022-001"
},
{
"url": "https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2025869"
},
{
"url": "https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html"
},
{
"url": "http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html"
},
{
"url": "https://www.suse.com/support/kb/doc/?id=000020564"
},
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf"
},
{
"url": "https://www.starwindsoftware.com/security/sw-20220818-0001/"
},
{
"url": "https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4034",
"datePublished": "2022-01-28T00:00:00.000Z",
"dateReserved": "2021-11-29T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:48.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-6133 (GCVE-0-2019-6133)
Vulnerability from nvd – Published: 2019-01-11 14:00 – Updated: 2024-08-04 20:16
VLAI?
Summary
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:16:23.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81"
},
{
"name": "USN-3903-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3903-2/"
},
{
"name": "RHSA-2019:0230",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0230"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf"
},
{
"name": "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
},
{
"name": "USN-3910-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3910-1/"
},
{
"name": "USN-3901-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3901-2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1692"
},
{
"name": "USN-3910-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3910-2/"
},
{
"name": "RHSA-2019:0420",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0420"
},
{
"name": "USN-3908-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3908-2/"
},
{
"name": "USN-3901-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3901-1/"
},
{
"name": "USN-3903-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3903-1/"
},
{
"name": "106537",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106537"
},
{
"name": "USN-3908-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3908-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K22715344"
},
{
"name": "USN-3934-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3934-1/"
},
{
"name": "RHSA-2019:0832",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0832"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
},
{
"name": "openSUSE-SU-2019:1914",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html"
},
{
"name": "USN-3934-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3934-2/"
},
{
"name": "RHSA-2019:2699",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2699"
},
{
"name": "RHSA-2019:2978",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2978"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In PolicyKit (aka polkit) 0.115, the \"start time\" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-08T12:06:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81"
},
{
"name": "USN-3903-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3903-2/"
},
{
"name": "RHSA-2019:0230",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0230"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf"
},
{
"name": "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
},
{
"name": "USN-3910-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3910-1/"
},
{
"name": "USN-3901-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3901-2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1692"
},
{
"name": "USN-3910-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3910-2/"
},
{
"name": "RHSA-2019:0420",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0420"
},
{
"name": "USN-3908-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3908-2/"
},
{
"name": "USN-3901-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3901-1/"
},
{
"name": "USN-3903-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3903-1/"
},
{
"name": "106537",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106537"
},
{
"name": "USN-3908-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3908-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K22715344"
},
{
"name": "USN-3934-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3934-1/"
},
{
"name": "RHSA-2019:0832",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:0832"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
},
{
"name": "openSUSE-SU-2019:1914",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html"
},
{
"name": "USN-3934-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3934-2/"
},
{
"name": "RHSA-2019:2699",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2699"
},
{
"name": "RHSA-2019:2978",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2978"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-6133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PolicyKit (aka polkit) 0.115, the \"start time\" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81"
},
{
"name": "USN-3903-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3903-2/"
},
{
"name": "RHSA-2019:0230",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0230"
},
{
"name": "https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf",
"refsource": "MISC",
"url": "https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf"
},
{
"name": "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
},
{
"name": "USN-3910-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3910-1/"
},
{
"name": "USN-3901-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3901-2/"
},
{
"name": "https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1692",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1692"
},
{
"name": "USN-3910-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3910-2/"
},
{
"name": "RHSA-2019:0420",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0420"
},
{
"name": "USN-3908-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3908-2/"
},
{
"name": "USN-3901-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3901-1/"
},
{
"name": "USN-3903-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3903-1/"
},
{
"name": "106537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106537"
},
{
"name": "USN-3908-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3908-1/"
},
{
"name": "https://support.f5.com/csp/article/K22715344",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K22715344"
},
{
"name": "USN-3934-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3934-1/"
},
{
"name": "RHSA-2019:0832",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0832"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
},
{
"name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
},
{
"name": "openSUSE-SU-2019:1914",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html"
},
{
"name": "USN-3934-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3934-2/"
},
{
"name": "RHSA-2019:2699",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2699"
},
{
"name": "RHSA-2019:2978",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2978"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-6133",
"datePublished": "2019-01-11T14:00:00",
"dateReserved": "2019-01-11T00:00:00",
"dateUpdated": "2024-08-04T20:16:23.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-19788 (GCVE-0-2018-19788)
Vulnerability from nvd – Published: 2018-12-03 06:00 – Updated: 2024-08-29 15:55
VLAI?
Summary
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-16T17:02:35.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3861-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3861-1/"
},
{
"name": "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
},
{
"name": "USN-3861-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3861-2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/915332"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/issues/74"
},
{
"name": "DSA-4350",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4350"
},
{
"name": "RHSA-2019:2046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2046"
},
{
"name": "GLSA-201908-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-14"
},
{
"name": "RHSA-2019:3232",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3232"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240816-0001/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-19788",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-29T15:55:23.213536Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-29T15:55:31.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T16:06:34",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3861-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3861-1/"
},
{
"name": "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
},
{
"name": "USN-3861-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3861-2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/915332"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.freedesktop.org/polkit/polkit/issues/74"
},
{
"name": "DSA-4350",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4350"
},
{
"name": "RHSA-2019:2046",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2046"
},
{
"name": "GLSA-201908-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-14"
},
{
"name": "RHSA-2019:3232",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3232"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3861-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3861-1/"
},
{
"name": "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
},
{
"name": "USN-3861-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3861-2/"
},
{
"name": "https://bugs.debian.org/915332",
"refsource": "MISC",
"url": "https://bugs.debian.org/915332"
},
{
"name": "https://gitlab.freedesktop.org/polkit/polkit/issues/74",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/polkit/polkit/issues/74"
},
{
"name": "DSA-4350",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4350"
},
{
"name": "RHSA-2019:2046",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2046"
},
{
"name": "GLSA-201908-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-14"
},
{
"name": "RHSA-2019:3232",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3232"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-19788",
"datePublished": "2018-12-03T06:00:00",
"dateReserved": "2018-12-02T00:00:00",
"dateUpdated": "2024-08-29T15:55:31.505Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-1116 (GCVE-0-2018-1116)
Vulnerability from nvd – Published: 2018-07-10 19:00 – Updated: 2024-08-05 03:51
VLAI?
Summary
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.
Severity ?
4.7 (Medium)
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1116"
},
{
"name": "USN-3717-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3717-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cgit.freedesktop.org/polkit/commit/?id=bc7ffad5364"
},
{
"name": "[debian-lts-announce] 20180728 [SECURITY] [DLA-1448-1] policykit-1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00042.html"
},
{
"name": "GLSA-201908-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201908-14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "polkit",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "polkit 0.116"
}
]
}
],
"datePublic": "2018-07-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-15T17:06:10",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1116"
},
{
"name": "USN-3717-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3717-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cgit.freedesktop.org/polkit/commit/?id=bc7ffad5364"
},
{
"name": "[debian-lts-announce] 20180728 [SECURITY] [DLA-1448-1] policykit-1 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00042.html"
},
{
"name": "GLSA-201908-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201908-14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "polkit",
"version": {
"version_data": [
{
"version_value": "polkit 0.116"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.7/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1116",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1116"
},
{
"name": "USN-3717-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3717-2/"
},
{
"name": "https://cgit.freedesktop.org/polkit/commit/?id=bc7ffad5364",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/polkit/commit/?id=bc7ffad5364"
},
{
"name": "[debian-lts-announce] 20180728 [SECURITY] [DLA-1448-1] policykit-1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00042.html"
},
{
"name": "GLSA-201908-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201908-14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1116",
"datePublished": "2018-07-10T19:00:00",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-08-05T03:51:48.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3255 (GCVE-0-2015-3255)
Vulnerability from nvd – Published: 2015-10-26 19:00 – Updated: 2024-08-06 05:39
VLAI?
Summary
The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201611-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201611-07"
},
{
"name": "USN-3717-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3717-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245673"
},
{
"name": "openSUSE-SU-2015:1927",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "openSUSE-SU-2015:1734",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "1035023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035023"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=83590"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-27T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201611-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201611-07"
},
{
"name": "USN-3717-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3717-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245673"
},
{
"name": "openSUSE-SU-2015:1927",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "openSUSE-SU-2015:1734",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "1035023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035023"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.freedesktop.org/show_bug.cgi?id=83590"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3255",
"datePublished": "2015-10-26T19:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-4625 (GCVE-0-2015-4625)
Vulnerability from nvd – Published: 2015-10-26 19:00 – Updated: 2024-08-06 06:18
VLAI?
Summary
Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T06:18:12.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[polkit-devel] 20150603 Agent Authentication Question",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-June/000427.html"
},
{
"name": "75267",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/75267"
},
{
"name": "FEDORA-2015-11058",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"name": "openSUSE-SU-2015:1927",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "FEDORA-2015-11743",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "[oss-security] 20150609 Re: CVE request for polkit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/09/1"
},
{
"name": "openSUSE-SU-2015:1734",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "[oss-security] 20150608 CVE request for polkit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/08/3"
},
{
"name": "[polkit-devel] 20150529 Agent Authentication Question",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html"
},
{
"name": "[oss-security] 20150616 Re: CVE request for polkit",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/16/21"
},
{
"name": "1035023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T22:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[polkit-devel] 20150603 Agent Authentication Question",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-June/000427.html"
},
{
"name": "75267",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/75267"
},
{
"name": "FEDORA-2015-11058",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"name": "openSUSE-SU-2015:1927",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "FEDORA-2015-11743",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "[oss-security] 20150609 Re: CVE request for polkit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/09/1"
},
{
"name": "openSUSE-SU-2015:1734",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "[oss-security] 20150608 CVE request for polkit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/08/3"
},
{
"name": "[polkit-devel] 20150529 Agent Authentication Question",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html"
},
{
"name": "[oss-security] 20150616 Re: CVE request for polkit",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/06/16/21"
},
{
"name": "1035023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035023"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[polkit-devel] 20150603 Agent Authentication Question",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-June/000427.html"
},
{
"name": "75267",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75267"
},
{
"name": "FEDORA-2015-11058",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"name": "openSUSE-SU-2015:1927",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "FEDORA-2015-11743",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "[oss-security] 20150609 Re: CVE request for polkit",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/09/1"
},
{
"name": "openSUSE-SU-2015:1734",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "[oss-security] 20150608 CVE request for polkit",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/08/3"
},
{
"name": "[polkit-devel] 20150529 Agent Authentication Question",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html"
},
{
"name": "[oss-security] 20150616 Re: CVE request for polkit",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/16/21"
},
{
"name": "1035023",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035023"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-4625",
"datePublished": "2015-10-26T19:00:00",
"dateReserved": "2015-06-16T00:00:00",
"dateUpdated": "2024-08-06T06:18:12.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3256 (GCVE-0-2015-3256)
Vulnerability from nvd – Published: 2015-10-26 19:00 – Updated: 2024-08-06 05:39
VLAI?
Summary
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245684"
},
{
"name": "RHSA-2016:0189",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0189.html"
},
{
"name": "77356",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/77356"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2015:1927",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "openSUSE-SU-2015:1734",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "1035023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to \"javascript rule evaluation.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T22:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245684"
},
{
"name": "RHSA-2016:0189",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0189.html"
},
{
"name": "77356",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/77356"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "openSUSE-SU-2015:1927",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "openSUSE-SU-2015:1734",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "1035023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035023"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3256",
"datePublished": "2015-10-26T19:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-3218 (GCVE-0-2015-3218)
Vulnerability from nvd – Published: 2015-10-26 19:00 – Updated: 2024-08-06 05:39
VLAI?
Summary
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:31.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[polkit-devel] 20150529 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html"
},
{
"name": "USN-3717-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3717-1/"
},
{
"name": "FEDORA-2015-11058",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"name": "openSUSE-SU-2015:1927",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "FEDORA-2015-11743",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "76086",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76086"
},
{
"name": "openSUSE-SU-2015:1734",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "1035023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035023"
},
{
"name": "[polkit-devel] 20150630 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-17T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[polkit-devel] 20150529 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html"
},
{
"name": "USN-3717-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3717-1/"
},
{
"name": "FEDORA-2015-11058",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html"
},
{
"name": "openSUSE-SU-2015:1927",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html"
},
{
"name": "FEDORA-2015-11743",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html"
},
{
"name": "[polkit-devel] 20150702 polkit-0.113 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html"
},
{
"name": "76086",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76086"
},
{
"name": "openSUSE-SU-2015:1734",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html"
},
{
"name": "1035023",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035023"
},
{
"name": "[polkit-devel] 20150630 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3218",
"datePublished": "2015-10-26T19:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:31.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}