MidnightBSD

Advisories for polkit_project

CVE-2013-4288 HIGH

Race condition in PolicyKit (aka polkit) allows local users to bypass intended PolicyKit restrictions and gain privileges by starting a setuid or pkexec process before the authorization check is performed, related to (1) the polkit_unix_process_new API function, (2) the dbus API, or (3) the --process (unix-process) option for authorization to pkcheck.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-362,

Products Affected

Vendor Product Version
opensuse opensuse 12.2
opensuse opensuse 12.3
canonical ubuntu_linux 13.04
canonical ubuntu_linux 12.04
polkit_project polkit *
canonical ubuntu_linux 10.04
canonical ubuntu_linux 12.10
redhat enterprise_linux 6.0
CVE-2015-3218 LOW

The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
polkit_project polkit *
CVE-2015-3255 MEDIUM

The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
polkit_project polkit *
CVE-2015-3256 MEDIUM

PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
opensuse opensuse 13.1
opensuse opensuse 13.2
polkit_project polkit *
CVE-2015-4625 MEDIUM

Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
opensuse opensuse 13.1
fedoraproject fedora 22
opensuse opensuse 13.2
polkit_project polkit *
fedoraproject fedora 21
CVE-2018-1116 LOW

A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.4 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L 1.8 2.5

CVSS 2.0

Severity: LOW

Problem Type: CWE-285,CWE-862,

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
polkit_project polkit *
debian debian_linux 8.0
CVE-2018-19788 HIGH

A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
canonical ubuntu_linux 16.04
polkit_project polkit 0.115
canonical ubuntu_linux 12.04
canonical ubuntu_linux 18.10
canonical ubuntu_linux 14.04
debian debian_linux 9.0
debian debian_linux 8.0
canonical ubuntu_linux 18.04
CVE-2019-6133 MEDIUM

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362,

Products Affected

Vendor Product Version
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 18.10
redhat enterprise_linux_desktop 7.0
canonical ubuntu_linux 14.04
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_aus 6.6
debian debian_linux 8.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server_aus 7.6
canonical ubuntu_linux 16.04
redhat enterprise_linux_workstation 7.0
polkit_project polkit 0.115
canonical ubuntu_linux 12.04
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_desktop 6.0
canonical ubuntu_linux 18.04
CVE-2021-3560 HIGH

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-863,CWE-754,

Products Affected

Vendor Product Version
redhat virtualization_host 4.0
debian debian_linux 11.0
redhat virtualization 4.0
polkit_project polkit *
redhat openshift_container_platform 4.7
canonical ubuntu_linux 20.04
CVE-2021-4034 HIGH

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,CWE-125,CWE-787,

Products Affected

Vendor Product Version
starwindsoftware starwind_virtual_san v8
oracle zfs_storage_appliance_kit 8.8
redhat enterprise_linux_for_power_little_endian_eus 8.2
suse manager_proxy 4.1
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_update_services_for_sap_solutions 8.4
siemens sinumerik_edge *
redhat enterprise_linux_for_ibm_z_systems_eus 8.2
oracle http_server 12.2.1.4.0
redhat enterprise_linux_server_update_services_for_sap_solutions 8.1
redhat enterprise_linux_server_tus 7.6
suse linux_enterprise_workstation_extension 12
suse linux_enterprise_desktop 15
redhat enterprise_linux_server_aus 7.3
suse linux_enterprise_server 15
starwindsoftware command_center 1.0
polkit_project polkit *
canonical ubuntu_linux 14.04
redhat enterprise_linux_for_power_big_endian 7.0
canonical ubuntu_linux 20.04
redhat enterprise_linux_server_update_services_for_sap_solutions 7.6
redhat enterprise_linux_for_power_little_endian_eus 8.1
siemens scalance_lpe9403_firmware *
canonical ubuntu_linux 21.10
redhat enterprise_linux_for_ibm_z_systems 7.0
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_for_scientific_computing 7.0
redhat enterprise_linux_server_eus 8.4
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server_update_services_for_sap_solutions 8.2
redhat enterprise_linux_for_power_little_endian_eus 8.4
redhat enterprise_linux_server 6.0
canonical ubuntu_linux 16.04
oracle http_server 12.2.1.3.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_for_ibm_z_systems_eus 8.4
suse linux_enterprise_high_performance_computing 15.0
redhat enterprise_linux_server_aus 8.4
suse enterprise_storage 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_update_services_for_sap_solutions 7.7
redhat enterprise_linux_for_ibm_z_systems 8.0
redhat enterprise_linux_for_power_little_endian 8.0
canonical ubuntu_linux 18.04
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_tus 8.2
suse manager_server 4.1
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_for_power_little_endian 7.0
redhat enterprise_linux_workstation 7.0
redhat enterprise_linux 8.0
redhat enterprise_linux_eus 8.2
starwindsoftware starwind_hyperconverged_appliance -
CVE-2021-4115 LOW

There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: LOW

Problem Type: CWE-400,NVD-CWE-Other,

Products Affected

Vendor Product Version
fedoraproject fedora 34
debian debian_linux 11.0
oracle zfs_storage_appliance_kit 8.8
fedoraproject fedora 35
redhat enterprise_linux 8.0
canonical ubuntu_linux 20.04
canonical ubuntu_linux 21.10
polkit_project polkit 0.117