Описание
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
A vulnerability was found in polkit. When authentication is performed by a non-root user to perform an administrative task, the authentication is temporarily cached in such a way that a local attacker could impersonate the authorized process, thus gaining access to elevated privileges.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | polkit | Not affected | ||
| Red Hat Virtualization 4 | rhvm-appliance | Will not fix | ||
| Red Hat Enterprise Linux 6 | polkit | Fixed | RHSA-2019:0420 | 26.02.2019 |
| Red Hat Enterprise Linux 6.6 Advanced Update Support | polkit | Fixed | RHSA-2019:0832 | 23.04.2019 |
| Red Hat Enterprise Linux 7 | polkit | Fixed | RHSA-2019:0230 | 31.01.2019 |
| Red Hat Enterprise Linux 7.4 Extended Update Support | polkit | Fixed | RHSA-2019:2699 | 12.09.2019 |
| Red Hat Enterprise Linux 7.5 Extended Update Support | polkit | Fixed | RHSA-2019:2978 | 08.10.2019 |
Показывать по
Дополнительная информация
Статус:
7.3 High
CVSS3
Связанные уязвимости
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism ...
7.3 High
CVSS3