what you don't know can hurt you
Showing 1 - 15 of 15 RSS Feed

CVE-2019-6133

Status Candidate

Overview

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.

Related Files

Red Hat Security Advisory 2019-2978-01
Posted Oct 8, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2978-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. An auth hijacking issue has been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-6133
MD5 | e0daaacdfe0fb921abb51bcfaa713cd4
Red Hat Security Advisory 2019-2699-01
Posted Sep 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2699-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. An auth hijacking vulnerability was addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-6133
MD5 | c7f2ecc765ad9171f619e827c9043848
Ubuntu Security Notice USN-3934-2
Posted Sep 2, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3934-2 - USN-3934-1 fixed a vulnerability in Policykit. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PolicyKit incorrectly relied on the fork system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-6133
MD5 | 9cbdabd5e777b07bb2723138676679d8
Red Hat Security Advisory 2019-0832-01
Posted Apr 23, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0832-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include an auth hijacking vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-6133
MD5 | 456879906085e6140afa6af149106704
Ubuntu Security Notice USN-3934-1
Posted Apr 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3934-1 - It was discovered that PolicyKit incorrectly relied on the fork system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-6133
MD5 | 7bcf3c55b5d0c03de851971d584765dc
Ubuntu Security Notice USN-3910-1
Posted Mar 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3910-1 - It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service. It was discovered that the procfs filesystem did not properly handle processes mapping some memory elements onto files. A local attacker could use this to block utilities that examine the procfs filesystem to report operating system state, such as ps. Various other issues were also addressed.

tags | advisory, denial of service, kernel, local
systems | linux, ubuntu
advisories | CVE-2017-18241, CVE-2018-1120, CVE-2018-19985, CVE-2018-7740, CVE-2019-6133
MD5 | 4c9e16088685e925a3c78db741714aee
Ubuntu Security Notice USN-3910-2
Posted Mar 16, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3910-2 - USN-3910-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that the f2fs filesystem implementation in the Linux kernel did not handle the noflush_merge mount option correctly. An attacker could use this to cause a denial of service. Various other issues were also addressed.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2017-18241, CVE-2018-1120, CVE-2018-19985, CVE-2018-7740, CVE-2019-6133
MD5 | 90737e4356a35bc59a396e5d7a1d20a2
Ubuntu Security Notice USN-3908-2
Posted Mar 14, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3908-2 - USN-3908-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM. Jann Horn discovered a race condition in the fork system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2019-6133
MD5 | dbb305ea7db319ebed15a4e2411d5c52
Ubuntu Security Notice USN-3908-1
Posted Mar 12, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3908-1 - Jann Horn discovered a race condition in the fork system call in the Linux kernel. A local attacker could use this to gain access to services that cache authorizations.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-6133
MD5 | 03182f2331e6a955ceec56252c40c57c
Ubuntu Security Notice USN-3903-2
Posted Mar 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3903-2 - USN-3903-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.10. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.10 for Ubuntu 18.04 LTS. Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service or possibly execute arbitrary code in the host kernel. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-16880, CVE-2018-18397, CVE-2019-6133
MD5 | 5e5d9cbb5878ed83496a64b72a97df4f
Ubuntu Security Notice USN-3903-1
Posted Mar 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3903-1 - Jason Wang discovered that the vhost net driver in the Linux kernel contained an out of bounds write vulnerability. An attacker in a guest virtual machine could use this to cause a denial of service or possibly execute arbitrary code in the host kernel. Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2018-16880, CVE-2018-18397, CVE-2019-6133
MD5 | 1bae64cc96939b5670016270682ddee8
Ubuntu Security Notice USN-3901-2
Posted Mar 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3901-2 - USN-3901-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement kernel from Ubuntu 18.04 LTS for Ubuntu 16.04 LTS. Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. Various other issues were also addressed.

tags | advisory, kernel, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-18397, CVE-2018-19854, CVE-2019-6133
MD5 | b16c27e4df4131e0ce265e946b97e632
Ubuntu Security Notice USN-3901-1
Posted Mar 6, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3901-1 - Jann Horn discovered that the userfaultd implementation in the Linux kernel did not properly restrict access to certain ioctls. A local attacker could use this possibly to modify files. It was discovered that the crypto subsystem of the Linux kernel leaked uninitialized memory to user space in some situations. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, kernel, local, crypto
systems | linux, ubuntu
advisories | CVE-2018-18397, CVE-2018-19854, CVE-2019-6133
MD5 | 6ab9958194be37f509bff70f83a95612
Red Hat Security Advisory 2019-0420-01
Posted Feb 26, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0420-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include an auth hijacking vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-6133
MD5 | d1ed69010afc1e583b253160eaf3104b
Red Hat Security Advisory 2019-0230-01
Posted Feb 1, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0230-01 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include an auth hijacking vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2019-6133
MD5 | 0cb68189c1051c375c2b461d61874125
Page 1 of 1
Back1Next

File Archive:

January 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    4 Files
  • 2
    Jan 2nd
    3 Files
  • 3
    Jan 3rd
    3 Files
  • 4
    Jan 4th
    33 Files
  • 5
    Jan 5th
    31 Files
  • 6
    Jan 6th
    21 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    19 Files
  • 9
    Jan 9th
    1 Files
  • 10
    Jan 10th
    1 Files
  • 11
    Jan 11th
    33 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    27 Files
  • 14
    Jan 14th
    8 Files
  • 15
    Jan 15th
    16 Files
  • 16
    Jan 16th
    1 Files
  • 17
    Jan 17th
    2 Files
  • 18
    Jan 18th
    20 Files
  • 19
    Jan 19th
    32 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    10 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close