Vulnerabilities > CVE-2018-1116 - Missing Authorization vulnerability in multiple products
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
LOW Summary
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-579.NASL description This update for polkit fixes the following issues : Security issue fixed : - CVE-2018-1116: Fix uid comparison lacking in polkit_backend_interactive_authority_check_authorization (bsc#1099031). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-05-12 modified 2019-03-27 plugin id 123251 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123251 title openSUSE Security Update : polkit (openSUSE-2019-579) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-579. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(123251); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/11"); script_cve_id("CVE-2018-1116"); script_name(english:"openSUSE Security Update : polkit (openSUSE-2019-579)"); script_summary(english:"Check for the openSUSE-2019-579 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for polkit fixes the following issues : Security issue fixed : - CVE-2018-1116: Fix uid comparison lacking in polkit_backend_interactive_authority_check_authorization (bsc#1099031). This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1099031" ); script_set_attribute( attribute:"solution", value:"Update the affected polkit packages." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1116"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpolkit0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpolkit0-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpolkit0-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpolkit0-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:polkit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:polkit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:polkit-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:polkit-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:polkit-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:typelib-1_0-Polkit-1_0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.0"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/10"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.0", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.0", reference:"libpolkit0-0.114-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"libpolkit0-debuginfo-0.114-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"polkit-0.114-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"polkit-debuginfo-0.114-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"polkit-debugsource-0.114-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"polkit-devel-0.114-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"polkit-devel-debuginfo-0.114-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", reference:"typelib-1_0-Polkit-1_0-0.114-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libpolkit0-32bit-0.114-lp150.2.3.1") ) flag++; if ( rpm_check(release:"SUSE15.0", cpu:"x86_64", reference:"libpolkit0-32bit-debuginfo-0.114-lp150.2.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get()); else security_note(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpolkit0 / libpolkit0-32bit / libpolkit0-32bit-debuginfo / etc"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3717-1.NASL description Tavis Ormandy discovered that PolicyKit incorrectly handled certain invalid object paths. A local attacker could possibly use this issue to cause PolicyKit to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3218) It was discovered that PolicyKit incorrectly handled certain duplicate action IDs. A local attacker could use this issue to cause PolicyKit to crash, resulting in a denial of service, or possibly escalate privileges. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3255) Tavis Ormandy discovered that PolicyKit incorrectly handled duplicate cookie values. A local attacker could use this issue to cause PolicyKit to crash, resulting in a denial of service, or possibly escalate privileges. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-4625) Matthias Gerstner discovered that PolicyKit incorrectly checked users. A local attacker could possibly use this issue to cause authentication dialogs to show up for other users, leading to a denial of service or an information leak. (CVE-2018-1116). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2018-07-17 plugin id 111135 published 2018-07-17 reporter Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111135 title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : policykit-1 vulnerabilities (USN-3717-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-3717-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(111135); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07"); script_cve_id("CVE-2015-3218", "CVE-2015-3255", "CVE-2015-4625", "CVE-2018-1116"); script_xref(name:"USN", value:"3717-1"); script_name(english:"Ubuntu 14.04 LTS / 16.04 LTS / 17.10 / 18.04 LTS : policykit-1 vulnerabilities (USN-3717-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Tavis Ormandy discovered that PolicyKit incorrectly handled certain invalid object paths. A local attacker could possibly use this issue to cause PolicyKit to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3218) It was discovered that PolicyKit incorrectly handled certain duplicate action IDs. A local attacker could use this issue to cause PolicyKit to crash, resulting in a denial of service, or possibly escalate privileges. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3255) Tavis Ormandy discovered that PolicyKit incorrectly handled duplicate cookie values. A local attacker could use this issue to cause PolicyKit to crash, resulting in a denial of service, or possibly escalate privileges. This issue only affected Ubuntu 14.04 LTS. (CVE-2015-4625) Matthias Gerstner discovered that PolicyKit incorrectly checked users. A local attacker could possibly use this issue to cause authentication dialogs to show up for other users, leading to a denial of service or an information leak. (CVE-2018-1116). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/3717-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected libpolkit-backend-1-0 package." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libpolkit-backend-1-0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:14.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:17.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/10/26"); script_set_attribute(attribute:"patch_publication_date", value:"2018/07/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/17"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(14\.04|16\.04|17\.10|18\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 14.04 / 16.04 / 17.10 / 18.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"14.04", pkgname:"libpolkit-backend-1-0", pkgver:"0.105-4ubuntu3.14.04.2")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"libpolkit-backend-1-0", pkgver:"0.105-14.1ubuntu0.1")) flag++; if (ubuntu_check(osver:"17.10", pkgname:"libpolkit-backend-1-0", pkgver:"0.105-18ubuntu0.1")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"libpolkit-backend-1-0", pkgver:"0.105-20ubuntu0.18.04.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libpolkit-backend-1-0"); }
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2651.NASL description According to the version of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorizatio n function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.(CVE-2018-1116) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-18 plugin id 132186 published 2019-12-18 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132186 title EulerOS 2.0 SP3 : polkit (EulerOS-SA-2019-2651) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(132186); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07"); script_cve_id( "CVE-2018-1116" ); script_name(english:"EulerOS 2.0 SP3 : polkit (EulerOS-SA-2019-2651)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorizatio n function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.(CVE-2018-1116) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2651 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?035f4565"); script_set_attribute(attribute:"solution", value: "Update the affected polkit package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1116"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/18"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:polkit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:polkit-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:polkit-docs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["polkit-0.112-12.h10", "polkit-devel-0.112-12.h10", "polkit-docs-0.112-12.h10"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "polkit"); }
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2020-1135.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1135 advisory. - polkit: Improper authorization in polkit_backend_interactive_authority_check_authorization function in polkitd (CVE-2018-1116) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-06 modified 2020-04-10 plugin id 135345 published 2020-04-10 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135345 title CentOS 7 : polkit (CESA-2020:1135) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1448.NASL description It was discovered that there was a denial of service vulnerability in policykit-1, a framework for managing administrative policies and privileges. For Debian 8 last seen 2020-05-08 modified 2018-07-30 plugin id 111389 published 2018-07-30 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111389 title Debian DLA-1448-1 : policykit-1 security update NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-2165-1.NASL description This update for polkit fixes the following issues: Security issue fixed : - CVE-2018-1116: Fix uid comparison lacking in polkit_backend_interactive_authority_check_authorization (bsc#1099031). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-12 modified 2019-01-02 plugin id 120069 published 2019-01-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120069 title SUSE SLED15 / SLES15 Security Update : polkit (SUSE-SU-2018:2165-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2223.NASL description According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorizatio n function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.(CVE-2018-1116) - The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.(CVE-2015-3255) - The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.(CVE-2015-3218) - A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.(CVE-2018-19788) - Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.(CVE-2015-4625) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-11-08 plugin id 130685 published 2019-11-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130685 title EulerOS 2.0 SP5 : polkit (EulerOS-SA-2019-2223) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201908-14.NASL description The remote host is affected by the vulnerability described in GLSA-201908-14 (polkit: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in polkit. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 127963 published 2019-08-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127963 title GLSA-201908-14 : polkit: Multiple vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1135.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1135 advisory. - polkit: Improper authorization in polkit_backend_interactive_authority_check_authorization function in polkitd (CVE-2018-1116) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-08 modified 2020-04-01 plugin id 135060 published 2020-04-01 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135060 title RHEL 7 : polkit (RHSA-2020:1135) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-848.NASL description This update for polkit fixes the following issues : Security issue fixed : - CVE-2018-1116: Fix uid comparison lacking in polkit_backend_interactive_authority_check_authorization (bsc#1099031). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-05 modified 2018-08-10 plugin id 111629 published 2018-08-10 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111629 title openSUSE Security Update : polkit (openSUSE-2018-848) NASL family Fedora Local Security Checks NASL id FEDORA_2018-83DF5DC658.NASL description Security fix for CVE-2018-1116. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2018-08-02 plugin id 111471 published 2018-08-02 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111471 title Fedora 27 : polkit (2018-83df5dc658) NASL family Fedora Local Security Checks NASL id FEDORA_2018-FEF8A691A6.NASL description Security fix for CVE-2018-1116. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-05 modified 2019-01-03 plugin id 120939 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120939 title Fedora 28 : polkit (2018-fef8a691a6) NASL family Scientific Linux Local Security Checks NASL id SL_20200407_POLKIT_ON_SL7_X.NASL description * polkit: Improper authorization in polkit_backend_interactive_authority_check_authorization function in polkitd last seen 2020-05-08 modified 2020-04-21 plugin id 135828 published 2020-04-21 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135828 title Scientific Linux Security Update : polkit on SL7.x x86_64 (20200407) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1463.NASL description According to the versions of the polkit package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.(CVE-2015-3255) - The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.(CVE-2015-3218) - A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.(CVE-2018-19788) - A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorizatio n function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.(CVE-2018-1116) - Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.(CVE-2015-4625) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-04-30 modified 2020-04-16 plugin id 135625 published 2020-04-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135625 title EulerOS Virtualization 3.0.2.2 : polkit (EulerOS-SA-2020-1463) NASL family SuSE Local Security Checks NASL id SUSE_SU-2018-2163-1.NASL description This update for polkit fixes the following issues: Security issue fixed : - CVE-2018-1116: Fix uid comparison lacking in polkit_backend_interactive_authority_check_authorization (bsc#1099031). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2018-08-02 plugin id 111509 published 2018-08-02 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111509 title SUSE SLED12 / SLES12 Security Update : polkit (SUSE-SU-2018:2163-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2020-1193.NASL description According to the versions of the polkit package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.(CVE-2015-3255) - A NULL-pointer dereference flaw was discovered in polkitd. A malicious, local user could exploit this flaw to crash polkitd.(CVE-2015-3218) - A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.(CVE-2018-19788) - It was found that Polkit last seen 2020-03-19 modified 2020-03-13 plugin id 134482 published 2020-03-13 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134482 title EulerOS Virtualization for ARM 64 3.0.2.0 : polkit (EulerOS-SA-2020-1193) NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-735.NASL description This update for polkit fixes the following issues : - CVE-2018-1116: Fixed trusting the client-supplied UID which could lead to a denial of service (too many dialogs) caused by local attackers (boo#1099031) last seen 2020-06-05 modified 2018-07-20 plugin id 111193 published 2018-07-20 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/111193 title openSUSE Security Update : polkit (openSUSE-2018-735) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2404.NASL description According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorizatio n function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.(CVE-2018-1116) - Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.(CVE-2015-4625) - The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.(CVE-2015-3218) - The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.(CVE-2015-3255) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-10 plugin id 131896 published 2019-12-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131896 title EulerOS 2.0 SP2 : polkit (EulerOS-SA-2019-2404)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1116
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1116
- https://cgit.freedesktop.org/polkit/commit/?id=bc7ffad5364
- https://cgit.freedesktop.org/polkit/commit/?id=bc7ffad5364
- https://lists.debian.org/debian-lts-announce/2018/07/msg00042.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00042.html
- https://security.gentoo.org/glsa/201908-14
- https://security.gentoo.org/glsa/201908-14
- https://usn.ubuntu.com/3717-2/
- https://usn.ubuntu.com/3717-2/