This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Polkit Project First view 2018-12-03
Product Polkit Last view 2019-01-11
Version 0.115 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:polkit_project:polkit

Activity : Overall

Related : CVE

  Date Alert Description
6.7 2019-01-11 CVE-2019-6133

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.

8.8 2018-12-03 CVE-2018-19788

A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-284 Access Control (Authorization) Issues
50% (1) CWE-20 Improper Input Validation

Nessus® Vulnerability Scanner

id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-2f8696869e.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4ac3c68ee4.nasl - Type: ACT_GATHER_INFO
2018-12-07 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4350.nasl - Type: ACT_GATHER_INFO