PT-2019-1718 · Linux+5 · Policykit+5

Jann Horn

·

Publicado

2019-01-08

·

Atualizado

2024-06-15

·

CVE-2019-6133

CVSS v3.1

6.7

Média

VetorAV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions PolicyKit (aka polkit) versions 0.115
Description The issue is related to insufficient access control in the PolicyKit library for Linux operating systems. It allows an attacker to bypass the "start time" protection mechanism due to the non-atomic nature of the fork() function, leading to improper caching of authorization decisions. This is caused by a lack of uid checking in the polkitbackendinteractiveauthority.c file.
Recommendations For PolicyKit (aka polkit) version 0.115, consider restricting access to the polkitbackendinteractiveauthority.c file until a patch is available. As a temporary workaround, review and strengthen the authorization decisions and access control mechanisms to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362CWE-284

Identificadores relacionados

ALT-PU-2019-1771
BDU:2019-01338
CESA-2019_0230
CESA-2019_0420
CVE-2019-6133
DLA-1644-1
DLA-1799-1
DLA-1799-2
OPENSUSE-SU-2019:1914-1
OPENSUSE-SU-2019_1914-1
OPENSUSE-SU-2024:11180-1
RHSA-2019:0230
RHSA-2019:0420
RHSA-2019:0832
RHSA-2019:2699
RHSA-2019:2978
RHSA-2019_0230
RHSA-2019_0420
SUSE-SU-2019:2018-1
SUSE-SU-2019:2035-1
SUSE-SU-2019:2035-2
SUSE-SU-2019_2018-1
SUSE-SU-2019_2035-1
SUSE-SU-2020:3503-1
SUSE-SU-2021:0437-1
USN-3901-1
USN-3901-2
USN-3903-1
USN-3903-2
USN-3908-1
USN-3908-2
USN-3910-1
USN-3910-2
USN-3934-1
USN-3934-2

Produtos afetados

Alt Linux
Centos
Policykit
Red Hat
Suse
Ubuntu