ID CVE-2015-3218
Summary The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path. <a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>
References
Vulnerable Configurations
  • cpe:2.3:a:polkit_project:polkit:-:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:-:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.91:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.91:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.92:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.92:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.93:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.93:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.94:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.94:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.95:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.95:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.96:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.96:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.97:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.97:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.98:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.98:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.99:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.99:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.100:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.100:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.101:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.101:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.102:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.102:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.103:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.103:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.104:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.104:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.105:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.105:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.106:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.106:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.107:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.107:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.108:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.108:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.109:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.109:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.110:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.110:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.111:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.111:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.112:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.112:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 18-07-2018 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 76086
fedora
  • FEDORA-2015-11058
  • FEDORA-2015-11743
mlist
  • [polkit-devel] 20150529 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent
  • [polkit-devel] 20150630 Crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent
  • [polkit-devel] 20150702 polkit-0.113 released
sectrack 1035023
suse
  • openSUSE-SU-2015:1734
  • openSUSE-SU-2015:1927
ubuntu USN-3717-1
Last major update 18-07-2018 - 01:29
Published 26-10-2015 - 19:59
Last modified 18-07-2018 - 01:29
Back to Top