Vulnerabilities > CVE-2018-1116 - Missing Authorization vulnerability in multiple products

047910
CVSS 4.4 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
LOW
local
low complexity
debian
canonical
polkit-project
CWE-862
nessus

Summary

A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-579.NASL
    descriptionThis update for polkit fixes the following issues : Security issue fixed : - CVE-2018-1116: Fix uid comparison lacking in polkit_backend_interactive_authority_check_authorization (bsc#1099031). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-05-12
    modified2019-03-27
    plugin id123251
    published2019-03-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/123251
    titleopenSUSE Security Update : polkit (openSUSE-2019-579)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2019-579.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(123251);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/11");
    
      script_cve_id("CVE-2018-1116");
    
      script_name(english:"openSUSE Security Update : polkit (openSUSE-2019-579)");
      script_summary(english:"Check for the openSUSE-2019-579 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for polkit fixes the following issues :
    
    Security issue fixed :
    
      - CVE-2018-1116: Fix uid comparison lacking in
        polkit_backend_interactive_authority_check_authorization
        (bsc#1099031).
    
    This update was imported from the SUSE:SLE-15:Update update project."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099031"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected polkit packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1116");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpolkit0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpolkit0-32bit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpolkit0-32bit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpolkit0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:polkit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:polkit-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:polkit-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:polkit-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:polkit-devel-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:typelib-1_0-Polkit-1_0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE15.0", reference:"libpolkit0-0.114-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"libpolkit0-debuginfo-0.114-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"polkit-0.114-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"polkit-debuginfo-0.114-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"polkit-debugsource-0.114-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"polkit-devel-0.114-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"polkit-devel-debuginfo-0.114-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", reference:"typelib-1_0-Polkit-1_0-0.114-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libpolkit0-32bit-0.114-lp150.2.3.1") ) flag++;
    if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libpolkit0-32bit-debuginfo-0.114-lp150.2.3.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpolkit0 / libpolkit0-32bit / libpolkit0-32bit-debuginfo / etc");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3717-1.NASL
    descriptionTavis Ormandy discovered that PolicyKit incorrectly handled certain invalid object paths. A local attacker could possibly use this issue to cause PolicyKit to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3218) It was discovered that PolicyKit incorrectly handled certain duplicate action IDs. A local attacker could use this issue to cause PolicyKit to crash, resulting in a denial of service, or possibly escalate privileges. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3255) Tavis Ormandy discovered that PolicyKit incorrectly handled duplicate cookie values. A local attacker could use this issue to cause PolicyKit to crash, resulting in a denial of service, or possibly escalate privileges. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-4625) Matthias Gerstner discovered that PolicyKit incorrectly checked users. A local attacker could possibly use this issue to cause authentication dialogs to show up for other users, leading to a denial of service or an information leak. (CVE-2018-1116). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2018-07-17
    plugin id111135
    published2018-07-17
    reporterUbuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111135
    titleUbuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : policykit-1 vulnerabilities (USN-3717-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-3717-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(111135);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id("CVE-2015-3218", "CVE-2015-3255", "CVE-2015-4625", "CVE-2018-1116");
      script_xref(name:"USN", value:"3717-1");
    
      script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : policykit-1 vulnerabilities (USN-3717-1)");
      script_summary(english:"Checks dpkg output for updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Ubuntu host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Tavis Ormandy discovered that PolicyKit incorrectly handled certain
    invalid object paths. A local attacker could possibly use this issue
    to cause PolicyKit to crash, resulting in a denial of service. This
    issue only affected Ubuntu 14.04 LTS. (CVE-2015-3218)
    
    It was discovered that PolicyKit incorrectly handled certain duplicate
    action IDs. A local attacker could use this issue to cause PolicyKit
    to crash, resulting in a denial of service, or possibly escalate
    privileges. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3255)
    
    Tavis Ormandy discovered that PolicyKit incorrectly handled duplicate
    cookie values. A local attacker could use this issue to cause
    PolicyKit to crash, resulting in a denial of service, or possibly
    escalate privileges. This issue only affected Ubuntu 14.04 LTS.
    (CVE-2015-4625)
    
    Matthias Gerstner discovered that PolicyKit incorrectly checked users.
    A local attacker could possibly use this issue to cause authentication
    dialogs to show up for other users, leading to a denial of service or
    an information leak. (CVE-2018-1116).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/3717-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libpolkit-backend-1-0 package."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpolkit-backend-1-0");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/26");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/17");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(14\.04|16\.04|17\.10|18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.10 / 18.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"14.04", pkgname:"libpolkit-backend-1-0", pkgver:"0.105-4ubuntu3.14.04.2")) flag++;
    if (ubuntu_check(osver:"16.04", pkgname:"libpolkit-backend-1-0", pkgver:"0.105-14.1ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"17.10", pkgname:"libpolkit-backend-1-0", pkgver:"0.105-18ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"18.04", pkgname:"libpolkit-backend-1-0", pkgver:"0.105-20ubuntu0.18.04.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpolkit-backend-1-0");
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2651.NASL
    descriptionAccording to the version of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorizatio n function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.(CVE-2018-1116) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-18
    plugin id132186
    published2019-12-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132186
    titleEulerOS 2.0 SP3 : polkit (EulerOS-SA-2019-2651)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(132186);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2018-1116"
      );
    
      script_name(english:"EulerOS 2.0 SP3 : polkit (EulerOS-SA-2019-2651)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the polkit packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerability :
    
      - A flaw was found in polkit before version 0.116. The
        implementation of the
        polkit_backend_interactive_authority_check_authorizatio
        n function in polkitd allows to test for authentication
        and trigger authentication of unrelated processes owned
        by other users. This may result in a local DoS and
        information disclosure.(CVE-2018-1116)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2651
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?035f4565");
      script_set_attribute(attribute:"solution", value:
    "Update the affected polkit package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1116");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/12/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/18");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:polkit");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:polkit-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:polkit-docs");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["polkit-0.112-12.h10",
            "polkit-devel-0.112-12.h10",
            "polkit-docs-0.112-12.h10"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "polkit");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-1135.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1135 advisory. - polkit: Improper authorization in polkit_backend_interactive_authority_check_authorization function in polkitd (CVE-2018-1116) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-06
    modified2020-04-10
    plugin id135345
    published2020-04-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135345
    titleCentOS 7 : polkit (CESA-2020:1135)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1448.NASL
    descriptionIt was discovered that there was a denial of service vulnerability in policykit-1, a framework for managing administrative policies and privileges. For Debian 8
    last seen2020-05-08
    modified2018-07-30
    plugin id111389
    published2018-07-30
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111389
    titleDebian DLA-1448-1 : policykit-1 security update
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2165-1.NASL
    descriptionThis update for polkit fixes the following issues: Security issue fixed : - CVE-2018-1116: Fix uid comparison lacking in polkit_backend_interactive_authority_check_authorization (bsc#1099031). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-12
    modified2019-01-02
    plugin id120069
    published2019-01-02
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120069
    titleSUSE SLED15 / SLES15 Security Update : polkit (SUSE-SU-2018:2165-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2223.NASL
    descriptionAccording to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorizatio n function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.(CVE-2018-1116) - The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.(CVE-2015-3255) - The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.(CVE-2015-3218) - A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.(CVE-2018-19788) - Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.(CVE-2015-4625) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-08
    plugin id130685
    published2019-11-08
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130685
    titleEulerOS 2.0 SP5 : polkit (EulerOS-SA-2019-2223)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201908-14.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201908-14 (polkit: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in polkit. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id127963
    published2019-08-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127963
    titleGLSA-201908-14 : polkit: Multiple vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1135.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1135 advisory. - polkit: Improper authorization in polkit_backend_interactive_authority_check_authorization function in polkitd (CVE-2018-1116) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-08
    modified2020-04-01
    plugin id135060
    published2020-04-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135060
    titleRHEL 7 : polkit (RHSA-2020:1135)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-848.NASL
    descriptionThis update for polkit fixes the following issues : Security issue fixed : - CVE-2018-1116: Fix uid comparison lacking in polkit_backend_interactive_authority_check_authorization (bsc#1099031). This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-05
    modified2018-08-10
    plugin id111629
    published2018-08-10
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111629
    titleopenSUSE Security Update : polkit (openSUSE-2018-848)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-83DF5DC658.NASL
    descriptionSecurity fix for CVE-2018-1116. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2018-08-02
    plugin id111471
    published2018-08-02
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111471
    titleFedora 27 : polkit (2018-83df5dc658)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2018-FEF8A691A6.NASL
    descriptionSecurity fix for CVE-2018-1116. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2019-01-03
    plugin id120939
    published2019-01-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/120939
    titleFedora 28 : polkit (2018-fef8a691a6)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200407_POLKIT_ON_SL7_X.NASL
    description* polkit: Improper authorization in polkit_backend_interactive_authority_check_authorization function in polkitd
    last seen2020-05-08
    modified2020-04-21
    plugin id135828
    published2020-04-21
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135828
    titleScientific Linux Security Update : polkit on SL7.x x86_64 (20200407)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1463.NASL
    descriptionAccording to the versions of the polkit package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.(CVE-2015-3255) - The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.(CVE-2015-3218) - A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.(CVE-2018-19788) - A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorizatio n function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.(CVE-2018-1116) - Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.(CVE-2015-4625) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-30
    modified2020-04-16
    plugin id135625
    published2020-04-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135625
    titleEulerOS Virtualization 3.0.2.2 : polkit (EulerOS-SA-2020-1463)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2018-2163-1.NASL
    descriptionThis update for polkit fixes the following issues: Security issue fixed : - CVE-2018-1116: Fix uid comparison lacking in polkit_backend_interactive_authority_check_authorization (bsc#1099031). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2018-08-02
    plugin id111509
    published2018-08-02
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111509
    titleSUSE SLED12 / SLES12 Security Update : polkit (SUSE-SU-2018:2163-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1193.NASL
    descriptionAccording to the versions of the polkit package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.(CVE-2015-3255) - A NULL-pointer dereference flaw was discovered in polkitd. A malicious, local user could exploit this flaw to crash polkitd.(CVE-2015-3218) - A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.(CVE-2018-19788) - It was found that Polkit
    last seen2020-03-19
    modified2020-03-13
    plugin id134482
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134482
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : polkit (EulerOS-SA-2020-1193)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2018-735.NASL
    descriptionThis update for polkit fixes the following issues : - CVE-2018-1116: Fixed trusting the client-supplied UID which could lead to a denial of service (too many dialogs) caused by local attackers (boo#1099031)
    last seen2020-06-05
    modified2018-07-20
    plugin id111193
    published2018-07-20
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/111193
    titleopenSUSE Security Update : polkit (openSUSE-2018-735)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2404.NASL
    descriptionAccording to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorizatio n function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.(CVE-2018-1116) - Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.(CVE-2015-4625) - The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.(CVE-2015-3218) - The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.(CVE-2015-3255) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-12-10
    plugin id131896
    published2019-12-10
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131896
    titleEulerOS 2.0 SP2 : polkit (EulerOS-SA-2019-2404)

Redhat

advisories
bugzilla
id1753037
titleunable to paste anything with systemctl or service start, stop, restart commands in terminal session
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 7 is installed
      ovaloval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • commentpolkit-docs is earlier than 0:0.112-26.el7
          ovaloval:com.redhat.rhsa:tst:20201135001
        • commentpolkit-docs is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110455006
      • AND
        • commentpolkit-devel is earlier than 0:0.112-26.el7
          ovaloval:com.redhat.rhsa:tst:20201135003
        • commentpolkit-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110455004
      • AND
        • commentpolkit is earlier than 0:0.112-26.el7
          ovaloval:com.redhat.rhsa:tst:20201135005
        • commentpolkit is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20110455008
rhsa
idRHSA-2020:1135
released2020-03-31
severityLow
titleRHSA-2020:1135: polkit security and bug fix update (Low)
rpms
  • polkit-0:0.112-26.el7
  • polkit-debuginfo-0:0.112-26.el7
  • polkit-devel-0:0.112-26.el7
  • polkit-docs-0:0.112-26.el7