SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Security)  >   PolicyKit Vendors:   Freedesktop.org
PolicyKit Race Condition in pkexec and polkitd Lets Local Users Gain Root Privileges
SecurityTracker Alert ID:  1025401
SecurityTracker URL:  http://securitytracker.com/id/1025401
CVE Reference:   CVE-2011-1485   (Links to External Site)
Updated:  Apr 20 2011
Original Entry Date:  Apr 20 2011
Impact:   Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 0.101 and prior versions
Description:   A vulnerability was reported in PolicyKit. A local user can obtain root privileges on the target system.

A local user may be able to exploit a race condition in the pkexec and polkitd processes to execute arbitrary commands on the target system with root privileges.
Impact:   A local user can obtain root privileges on the target system.
Solution:   The vendor has issued a source code fix:

http://cgit.freedesktop.org/PolicyKit/commit/?id=dd848a42a64a3b22a0cc60f6657b56ce9b6010ae
http://cgit.freedesktop.org/PolicyKit/commit/?id=129b6223a19e7fb2753f8cad7957ac5402394076
http://cgit.freedesktop.org/PolicyKit/commit/?id=c23d74447c7615dc74dae259f0fc3688ec988867
http://cgit.freedesktop.org/PolicyKit/commit/?id=3b12cfac29dddd27f1f166a7574d8374cc1dccf2
Vendor URL:  www.freedesktop.org/wiki/Software/PolicyKit (Links to External Site)
Cause:   Access control error, State error
Underlying OS:   Linux (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Apr 20 2011 (Red Hat Issues Fix) PolicyKit Race Condition in pkexec and polkitd Lets Local Users Gain Root Privileges   (bugzilla@redhat.com)
Red Hat has issued a fix for Red Hat Enterprise Linux 6.


 Source Message Contents
Date:  Tue Apr 19 11:57:00 PDT 2011
Subject:  CVE-2011-1485

Hey,

A while ago, I was privately contacted about a vulnerability in
PolicyKit. For more details see,

 https://bugzilla.redhat.com/show_bug.cgi?id=692922

Now that the embargo for this issue has been lifted (my contact from
Red Hat's security response team has been in contact with other
vendors for a coordinated release), I have pushed the fixes, see

 http://cgit.freedesktop.org/PolicyKit/commit/?id=dd848a42a64a3b22a0cc60f6657b56ce9b6010ae
 http://cgit.freedesktop.org/PolicyKit/commit/?id=129b6223a19e7fb2753f8cad7957ac5402394076
 http://cgit.freedesktop.org/PolicyKit/commit/?id=c23d74447c7615dc74dae259f0fc3688ec988867
 http://cgit.freedesktop.org/PolicyKit/commit/?id=3b12cfac29dddd27f1f166a7574d8374cc1dccf2

to the master branch. I have also created a polkit-0-96 branch with
the fixes backported to version 0.96, see

 http://cgit.freedesktop.org/PolicyKit/log/?h=polkit-0-96

since this is the version that my employer ships in a supported product.

I will probably release 0.102 soon - until then vendors are advised to
include these patches ASAP.

Thanks,
David


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC