PT-2018-2514 · Freedesktop.Org+5 · Policykit+5

Salvatore Bonaccorso

Publicado

2018-12-02

Atualizado

2024-06-15

CVE-2018-19788

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions PolicyKit versions 0.115

Description The issue is related to errors in handling large user ID values (exceeding INT MAX) in the PolicyKit platform, which can lead to the execution of any systemctl command. This can allow an attacker to bypass authentication procedures.

Recommendations For PolicyKit version 0.115, update to a version that fixes this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-287

Identificadores relacionados

ALT-PU-2018-2800

ALT-PU-2019-1013

ALT-PU-2019-1771

BDU:2019-00885

CESA-2019_0230

CESA-2019_0420

CESA-2019_2046

CVE-2018-19788

DLA-1644-1

DSA-4350-1

ELSA-2019-2046

OPENSUSE-SU-2018_4282-1

OPENSUSE-SU-2019:0010-1

OPENSUSE-SU-2019_0010-1

OPENSUSE-SU-2024:11180-1

RHSA-2019:2046

RHSA-2019:3232

RHSA-2019_0230

RHSA-2019_0420

RHSA-2019_2046

SUSE-SU-2019:0015-1

SUSE-SU-2019:0019-1

SUSE-SU-2019:0019-2

SUSE-SU-2019_0015-1

SUSE-SU-2019_0019-1

SUSE-SU-2019_0019-2

USN-3861-1

USN-3861-2

Produtos afetados

Alt Linux

Centos

Policykit

Red Hat

Suse

Ubuntu

PT-2018-2514 · Freedesktop.Org+5 · Policykit+5

CVE-2018-19788

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 84