PT-2011-1020 · Policykit+3 · Polkit+3

Neel Mehta · Published 2011-04-19 · Updated 2012-12-19 · CVE-2011-1485

CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

polkit versions prior to 0.104-r1
policykit-1 versions prior to 0.104-r1

Description

The issue affects the polkit package in Gentoo Linux and policykit-1 in Debian GNU/Linux, allowing local exploitation that may lead to breaches in confidentiality, integrity, and availability of protected information. A race condition in the pkexec utility and polkitd daemon in PolicyKit allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.

Recommendations

For polkit versions prior to 0.104-r1, update to version 0.104-r1 or later to resolve the issue. For policykit-1 versions prior to 0.104-r1, update to version 0.104-r1 or later to resolve the issue. As a temporary workaround, consider restricting access to the pkexec utility and polkitd daemon to minimize the risk of exploitation.

Exploit

Fix

Race Condition

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2015-01460
BDU:2015-09652
CVE-2011-1485
DSA-2319-1
OPENSUSE-SU-2024:10436-1
RHSA-2011:0455
RHSA-2011_0455

Affected Products

Red Hat
Pkexec
Policykit-1
Polkit