PT-2015-2610 · Polkit+4 · Policykit+4

Vasyl Kaigorodov

·

Publicado

2015-07-02

·

Atualizado

2018-10-30

·

CVE-2015-3256

CVSS v2.0

4.6

Média

VetorAV:L/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions PolicyKit (aka polkit) versions prior to 0.113
Description The issue is related to "javascript rule evaluation" and is caused by insufficient access control to certain functions. This can lead to a denial of service, resulting in memory corruption and a crash of the polkitd daemon, and potentially allow a local user to gain privileges.
Recommendations For versions prior to 0.113, update to version 0.113 or later to resolve the issue. As a temporary workaround, consider restricting access to the polkitd daemon to minimize the risk of exploitation.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

ALT-PU-2015-1588
BDU:2015-11975
CESA-2016_0189
CVE-2015-3256
MGASA-2015-0262
OPENSUSE-SU-2015_1734-1
RHSA-2016:0189
RHSA-2016_0189
SUSE-SU-2015:1838-1

Produtos afetados

Alt Linux
Centos
Policykit
Red Hat
Suse