Showing 1 - 5 of 5

CVE-2018-1116

Status Candidate

Overview

A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.

Related Files

Red Hat Security Advisory 2020-1135-01: Posted Apr 1, 2020; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2020-1135-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include an improper authorization vulnerability.; tags | advisory; systems | linux, redhat; advisories | CVE-2018-1116; SHA-256 | ace9078d6030810b51e1c9a5ec380242c48c4ea505d1286a64132ca6f18fa717; Download | Favorite | View

Gentoo Linux Security Advisory 201908-14: Posted Aug 15, 2019; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 201908-14 - Multiple vulnerabilities have been found in polkit, the worst of which could result in privilege escalation. Versions less than 0.115-r2 are affected.; tags | advisory, vulnerability; systems | linux, gentoo; advisories | CVE-2018-1116, CVE-2018-19788; SHA-256 | 72057a572ca36c14f97562a44eb2096c759400201674f862cc97946ccd12b61b; Download | Favorite | View

Ubuntu Security Notice USN-3717-2: Posted Jul 17, 2018; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3717-2 - USN-3717-1 fixed a vulnerability in PolicyKit. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PolicyKit incorrectly handled certain duplicate action IDs. A local attacker could use this issue to cause PolicyKit to crash, resulting in a denial of service, or possibly escalate privileges. Various other issues were also addressed.; tags | advisory, denial of service, local; systems | linux, ubuntu; advisories | CVE-2015-3255, CVE-2018-1116; SHA-256 | 0e50fe8144849a5cdb19a5c84bfb390d531f53793544abd196d8c4665d9109c3; Download | Favorite | View

Ubuntu Security Notice USN-3717-1: Posted Jul 16, 2018; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 3717-1 - Tavis Ormandy discovered that PolicyKit incorrectly handled certain invalid object paths. A local attacker could possibly use this issue to cause PolicyKit to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that PolicyKit incorrectly handled certain duplicate action IDs. A local attacker could use this issue to cause PolicyKit to crash, resulting in a denial of service, or possibly escalate privileges. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.; tags | advisory, denial of service, local; systems | linux, ubuntu; advisories | CVE-2015-3218, CVE-2015-3255, CVE-2015-4625, CVE-2018-1116; SHA-256 | 7b9aa26f312ac39e4b97279a9cacf1e2c8f625a61c1040cca0bf6077d0dfc716; Download | Favorite | View