CVE-2015-3255

Severity

46%

Complexity

39%

Confidentiality

106%

The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.

The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 9 years ago

2015-10-26 19:59:00

Last updated 6 years ago

2018-07-28 01:29:00

Affected Software

Polkit Project Policykit (aka polkit)

References

[polkit-devel] 20150702 polkit-0.113 released

openSUSE-SU-2015:1734

openSUSE-SU-2015:1927

1035023

https://bugs.freedesktop.org/show_bug.cgi?id=83590

https://bugzilla.redhat.com/show_bug.cgi?id=1245673

GLSA-201611-07

USN-3717-2

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.