Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[ GLSA 201204-06 ] PolicyKit: Multiple vulnerabilities
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index News & Announcements
View previous topic :: View next topic  
Author Message
GLSA
Veteran
Veteran


Joined: 12 May 2004
Posts: 1539

PostPosted: Wed Apr 18, 2012 1:26 am    Post subject: [ GLSA 201204-06 ] PolicyKit: Multiple vulnerabilities Reply with quote

Gentoo Linux Security Advisory

Title: PolicyKit: Multiple vulnerabilities (GLSA 201204-06)
Severity: high
Exploitable: local
Date: April 17, 2012
Bug(s): #314535, #364973, #401513
ID: 201204-06

Synopsis

Multiple vulnerabilities have been found in PolicyKit, the worst of
which may allow a local attacker to gain root privileges.


Background

PolicyKit is a toolkit for controlling privileges for system-wide
services.


Affected Packages

Package: sys-auth/polkit
Vulnerable: < 0.104-r1
Unaffected: >= 0.104-r1
Architectures: All supported architectures


Description

Multiple vulnerabilities have been found in PolicyKit:
  • Error messages in the pkexec utility disclose the existence of local
    files (CVE-2010-0750).
  • The pkexec utility initially checks the effective user ID of its
    parent process for authorization, instead of checking the real user ID
    (CVE-2011-1485).
  • Members of the "wheel" group are able to execute commands as an
    administrator without a password (CVE-2011-4945).


Impact

A local attacker could gain elevated privileges or sensitive
information.


Workaround

There is no known workaround at this time.

Resolution

All PolicyKit users should upgrade to the latest version:
Code:
# emerge --sync
      # emerge --ask --oneshot --verbose ">=sys-auth/polkit-0.104-r1"
   


References

CVE-2010-0750
CVE-2011-1485
CVE-2011-4945
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index News & Announcements All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum