CVE-2019-6133 - Improper Access Control

Severity

44%

Complexity

34%

Confidentiality

106%

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.

CVSS 3.0 Base Score 6.7. CVSS Attack Vector: local. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 4.4. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 6 years ago

2019-01-11 14:29:00

Last updated 5 years ago

2019-05-28 19:29:00

Affected Software

Polkit Project Polkit 0.115

0.115

Debian Linux 8.0 (Jessie)

8.0

RedHat Enterprise Linux Desktop 7.0

7.0

RedHat Enterprise Linux Server 7.0

7.0

Red Hat Enterprise Linux Server Advanced mission critical Update Support (AUS) 7.6

7.6

Red Hat Enterprise Linux Server Extended Update Support (EUS) 7.6

7.6

Red Hat Enterprise Linux Server Telecommunications Update Service (TUS) 7.6

7.6

RedHat Enterprise Linux Workstation 7.0

7.0

Red Hat Enterprise Linux Desktop 6.0

6.0

Red Hat Enterprise Linux Server 6.0

6.0

Red Hat Enterprise Linux Workstation 6.0

6.0

Canonical Ubuntu Linux 12.04 ESM (Extended Security Maintenance)

12.04

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)

16.04

Canonical Ubuntu Linux 18.04 LTS Edition

18.04

Canonical Ubuntu Linux 18.10

18.10

References

openSUSE-SU-2019:1914

106537

Third Party Advisory, VDB Entry

RHSA-2019:0230

Third Party Advisory

RHSA-2019:0420

Third Party Advisory

RHSA-2019:0832

Third Party Advisory

RHSA-2019:2699

RHSA-2019:2978

https://bugs.chromium.org/p/project-zero/issues/detail?id=1692

Issue Tracking, Mailing List, Third Party Advisory

https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf

Patch, Third Party Advisory

https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81

Patch, Third Party Advisory

https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19

Patch, Third Party Advisory

[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update

Mailing List, Third Party Advisory

[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update

[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update

https://support.f5.com/csp/article/K22715344

Third Party Advisory

USN-3901-1

Third Party Advisory

USN-3901-2

Third Party Advisory

USN-3903-1

Third Party Advisory

USN-3903-2

Third Party Advisory

USN-3908-1

Third Party Advisory

USN-3908-2

Third Party Advisory

USN-3910-1

Third Party Advisory

USN-3910-2

Third Party Advisory

USN-3934-1

Third Party Advisory

USN-3934-2

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.