This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Polkit Project
First view: 2015-10-26
Product: Polkit
Last view: 2018-07-10
Version: 0.110
Type: Application
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

CPE Product: cpe:2.3:a:polkit_project:polkit

Activity : Overall

Related : CVE

  Date Alert Description
4.4 2018-07-10 CVE-2018-1116

A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows testing for authentication and triggering authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.

4.6 2015-10-26 CVE-2015-4625

Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.

4.6 2015-10-26 CVE-2015-3256

PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."

4.6 2015-10-26 CVE-2015-3255

The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.

2.1 2015-10-26 CVE-2015-3218

The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.

CWE : Common Weakness Enumeration

% id Name
66% (2) CWE-264 Permissions, Privileges, and Access Controls
33% (1) CWE-189 Numeric Errors

Nessus® Vulnerability Scanner

id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-fef8a691a6.nasl - Type: ACT_GATHER_INFO
2018-08-02 Name: The remote Fedora host is missing a security update.
File: fedora_2018-83df5dc658.nasl - Type: ACT_GATHER_INFO
2018-07-30 Name: The remote Debian host is missing a security update.
File: debian_DLA-1448.nasl - Type: ACT_GATHER_INFO
2016-11-15 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201611-07.nasl - Type: ACT_GATHER_INFO
2016-02-17 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2016-0189.nasl - Type: ACT_GATHER_INFO
2016-02-17 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2016-0189.nasl - Type: ACT_GATHER_INFO
2016-02-17 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-0189.nasl - Type: ACT_GATHER_INFO
2016-02-17 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20160216_polkit_on_SL7_x.nasl - Type: ACT_GATHER_INFO
2016-01-11 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_631fc042b63611e583ef14dae9d210b8.nasl - Type: ACT_GATHER_INFO
2015-11-20 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-711.nasl - Type: ACT_GATHER_INFO
2015-10-29 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2015-1838-1.nasl - Type: ACT_GATHER_INFO
2015-10-15 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2015-655.nasl - Type: ACT_GATHER_INFO
2015-07-22 Name: The remote Fedora host is missing a security update.
File: fedora_2015-11743.nasl - Type: ACT_GATHER_INFO
2015-07-14 Name: The remote Fedora host is missing a security update.
File: fedora_2015-11058.nasl - Type: ACT_GATHER_INFO