CVE-2011-4945

Severity

69%

Complexity

34%

Confidentiality

165%

PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication.

PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication.

CVSS 2.0 Base Score 6.9. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:C/A:C).

Overview

First reported 12 years ago

2012-10-01 23:55:00

Last updated 12 years ago

2012-12-19 04:46:00

Affected Software

Michael Biebl PolicyKit 0.103

0.103

References

http://cgit.freedesktop.org/PolicyKit/commit/?id=763faf434b445c20ae9529100d3ef5290976d0c9

http://patch-tracker.debian.org/patch/series/view/policykit-1/0.104-2/05_revert-admin-identities-unix-group-wheel.patch

48817

GLSA-201204-06

[polkit-devel] 20111206 polkit 0.103

[oss-security] 20120327 CVE Request: PolicyKit change allows users in "wheel" group to become root without a password

[oss-security] 20120327 Re: CVE Request: PolicyKit change allows users in "wheel" group to become root without a password

https://bugs.gentoo.org/show_bug.cgi?id=401513

https://launchpad.net/ubuntu/+source/policykit-1/0.103-1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.