CVE: CVE-2019-6133

Descrizione: In PolicyKit (aka polkit) 0.115, the “start time” protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.

Vettore di attacco

Riferimenti esterni

• https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81
• https://usn.ubuntu.com/3903-2/
• https://access.redhat.com/errata/RHSA-2019:0230
• https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf
• https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html
• https://usn.ubuntu.com/3910-1/
• https://usn.ubuntu.com/3901-2/
• https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19
• https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
• https://usn.ubuntu.com/3910-2/
• https://access.redhat.com/errata/RHSA-2019:0420
• https://usn.ubuntu.com/3908-2/
• https://usn.ubuntu.com/3901-1/
• https://usn.ubuntu.com/3903-1/
• http://www.securityfocus.com/bid/106537
• https://usn.ubuntu.com/3908-1/
• https://support.f5.com/csp/article/K22715344
• https://usn.ubuntu.com/3934-1/
• https://access.redhat.com/errata/RHSA-2019:0832
• https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
• https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
• http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html
• https://usn.ubuntu.com/3934-2/
• https://access.redhat.com/errata/RHSA-2019:2699
• https://access.redhat.com/errata/RHSA-2019:2978

Prodotti interessati

• n/a – n/a

Relazioni con altri prodotti

Nessun prodotto trovato per il CVE: cve-2019-6133