oval:org.secpod.oval:def:600646 Neel Mehta discovered that a race condition in Policykit, a framework for managing administrative policies and privileges, allowed local users to elevate privileges by executing a setuid program from pkexec. The oldstable distribution does not contain the policykit-1 package.
oval:org.secpod.oval:def:701872 policykit-1 is installed
oval:org.secpod.oval:def:701422 policykit-1: framework for managing administrative policies and privileges polkit could be tricked into giving out improper authorization.
oval:org.secpod.oval:def:73439 policykit-1: framework for managing administrative policies and privileges The system could be made to run programs as an administrator.
oval:org.secpod.oval:def:53473 It was discovered that incorrect processing of very high UIDs in Policykit, a framework for managing administrative policies and privileges, could result in authentication bypass.
oval:org.secpod.oval:def:51031 policykit-1: framework for managing administrative policies and privileges PolicyKit could allow unintended access.
oval:org.secpod.oval:def:50279 policykit-1: framework for managing administrative policies and privileges PolicyKit could allow unintended access.
oval:org.secpod.oval:def:2001571 A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and informa ...
oval:org.secpod.oval:def:603584 It was discovered that incorrect processing of very high UIDs in Policykit, a framework for managing administrative policies and privileges, could result in authentication bypass.
oval:org.secpod.oval:def:704874 policykit-1: framework for managing administrative policies and privileges PolicyKit could allow unintended access.
oval:org.secpod.oval:def:54117 policykit-1: framework for managing administrative policies and privileges PolicyKit could allow unintended access.
oval:org.secpod.oval:def:2000401 In PolicyKit 0.115, the "start time" protection mechanism can be bypassed because fork is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
oval:org.secpod.oval:def:89411 policykit-1: framework for managing administrative policies and privileges policykit-1 could be made to run programs as an administrator.
oval:org.secpod.oval:def:78191 policykit-1: framework for managing administrative policies and privileges policykit-1 could be made to run programs as an administrator.
oval:org.secpod.oval:def:78156 The Qualys Research Labs discovered a local privilege escalation in PolicyKit's pkexec. Details can be found in the Qualys advisory at https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
oval:org.secpod.oval:def:605760 The Qualys Research Labs discovered a local privilege escalation in PolicyKit's pkexec. Details can be found in the Qualys advisory at https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt