Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-1485: Race Condition in Policykit-1

CWE-362: Race Condition | 13 documents | 10 sources
Severity: 6.9 MEDIUM (NVD)
EPSS: 7.5% (top 8.17%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published May 31 | Latest update May 17

Description

Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.

CVSS vector

AV:L/AC:M/C:C/I:C/A:C
Exploitability: 3.4 | Impact: 10.0

Affected Packages (2 packages)

debian | debian/policykit-1 | < policykit-1 0.101-4 (bookworm)

Patches

🔴Vulnerability Details

2
GHSA | GHSA-mjm4-2fq8-2392: Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0 | 2022-05-17
OSV | CVE-2011-1485: Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0 | 2011-05-31

💥Exploits & PoCs

4
Exploit-DB | Linux PolicyKit - Race Condition Privilege Escalation (Metasploit) | 2014-10-20
Exploit-DB | pkexec - Race Condition Privilege Escalation | 2011-10-08
Exploit-DB | PolicyKit polkit-1 < 0.101 - Local Privilege Escalation | 2011-10-05
Metasploit | Linux PolicyKit Race Condition Privilege Escalation

📋Vendor Advisories

3
Red Hat | polkit: polkitd/pkexec vulnerability | 2011-04-19
Ubuntu | PolicyKit vulnerability | 2011-04-19
Debian | CVE-2011-1485: policykit-1 - Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit... | 2011

📄Research Papers

1
CTF | AdventOfCyber2 / README

💬Community

2
Bugzilla | CVE-2011-1485 polkitd/pkexec vulnerability [fedora-all] | 2011-04-19
Bugzilla | CVE-2011-1485 polkit: polkitd/pkexec vulnerability | 2011-04-01