CVE-2018-8885

Name of the Vulnerable Software and Affected Versions screen-resolution-extra version 0.17.2

Description The issue is related to the screenresolution-mechanism in screen-resolution-extra, which does not properly utilize the PolicyKit D-Bus API. This allows local users to bypass intended access restrictions by exploiting a race condition. The race condition can be leveraged via a setuid or pkexec process that is mishandled in a PolicyKitService. check permission call.

Recommendations For screen-resolution-extra version 0.17.2, consider restricting access to the PolicyKitService. check permission function until a patch is available. As a temporary workaround, avoid using setuid or pkexec processes that may be mishandled by the PolicyKitService. check permission call. At the moment, there is no information about a newer version that contains a fix for this issue.