ID CVE-2018-1116
Summary A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows testing for authentication and triggering authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.
References
Vulnerable Configurations
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  • cpe:2.3:a:polkit_project:polkit:-:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.91:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.92:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.93:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.94:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.95:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.96:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.97:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.98:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.99:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.100:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.101:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.102:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.103:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.104:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.105:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.106:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.107:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.108:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.109:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.110:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.111:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.112:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.113:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.114:*:*:*:*:*:*:*
CVSS
Base: 3.6 (as of 05-05-2020 - 16:05)
Impact:
Exploitability:
CWE CWE-862
CAPEC
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:P
redhat via4
advisories
bugzilla
id 1753037
title unable to paste anything with systemctl or service start, stop, restart commands in terminal session
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment polkit is earlier than 0:0.112-26.el7
          oval oval:com.redhat.rhsa:tst:20201135001
        • comment polkit is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110455002
      • AND
        • comment polkit-devel is earlier than 0:0.112-26.el7
          oval oval:com.redhat.rhsa:tst:20201135003
        • comment polkit-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110455006
      • AND
        • comment polkit-docs is earlier than 0:0.112-26.el7
          oval oval:com.redhat.rhsa:tst:20201135005
        • comment polkit-docs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110455008
rhsa
id RHSA-2020:1135
released 2020-03-31
severity Low
title RHSA-2020:1135: polkit security and bug fix update (Low)
rpms
  • polkit-0:0.112-26.el7
  • polkit-debuginfo-0:0.112-26.el7
  • polkit-devel-0:0.112-26.el7
  • polkit-docs-0:0.112-26.el7
refmap via4
confirm
gentoo GLSA-201908-14
mlist [debian-lts-announce] 20180728 [SECURITY] [DLA-1448-1] policykit-1 security update
ubuntu USN-3717-2
Last major update 05-05-2020 - 16:05
Published 10-07-2018 - 19:29
Last modified 05-05-2020 - 16:05