Описание
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| policykit-1 | fixed | 0.113-1 | experimental | package |
| policykit-1 | fixed | 0.105-11 | package | |
| policykit-1 | fixed | 0.105-15~deb8u1 | jessie | package |
| policykit-1 | no-dsa | wheezy | package | |
| policykit-1 | not-affected | squeeze | package |
Примечания
http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html
Patch: http://cgit.freedesktop.org/polkit/commit/?id=48e646918efb2bf0b3b505747655726d7869f31c
Introduced by: http://cgit.freedesktop.org/polkit/commit/?id=6eeb077bc90c9c7783360a526b2f04645b1b0848
EPSS
Связанные уязвимости
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
EPSS