PT-2019-1718 · Linux+5 · Policykit+5

Jann Horn

·

Published

2019-01-08

·

Updated

2024-06-15

·

CVE-2019-6133

CVSS v3.1

6.7

Medium

VectorAV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions PolicyKit (aka polkit) versions 0.115
Description The issue is related to insufficient access control in the PolicyKit library for Linux operating systems. It allows an attacker to bypass the "start time" protection mechanism due to the non-atomic nature of the fork() function, leading to improper caching of authorization decisions. This is caused by a lack of uid checking in the polkitbackendinteractiveauthority.c file.
Recommendations For PolicyKit (aka polkit) version 0.115, consider restricting access to the polkitbackendinteractiveauthority.c file until a patch is available. As a temporary workaround, review and strengthen the authorization decisions and access control mechanisms to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-362CWE-284

Related Identifiers

ALT-PU-2019-1771
BDU:2019-01338
CESA-2019_0230
CESA-2019_0420
CVE-2019-6133
DLA-1644-1
DLA-1799-1
DLA-1799-2
OPENSUSE-SU-2019:1914-1
OPENSUSE-SU-2019_1914-1
OPENSUSE-SU-2024:11180-1
RHSA-2019:0230
RHSA-2019:0420
RHSA-2019:0832
RHSA-2019:2699
RHSA-2019:2978
RHSA-2019_0230
RHSA-2019_0420
SUSE-SU-2019:2018-1
SUSE-SU-2019:2035-1
SUSE-SU-2019:2035-2
SUSE-SU-2019_2018-1
SUSE-SU-2019_2035-1
SUSE-SU-2020:3503-1
SUSE-SU-2021:0437-1
USN-3901-1
USN-3901-2
USN-3903-1
USN-3903-2
USN-3908-1
USN-3908-2
USN-3910-1
USN-3910-2
USN-3934-1
USN-3934-2

Affected Products

Alt Linux
Centos
Policykit
Red Hat
Suse
Ubuntu