CVE-2011-4945 — Policykit-1 vulnerability

CWE-2646 documents6 sources

Severity

6.9MEDIUMNVD

EPSS

0.0%

top 88.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Policykit-1 Michael Biebl Policykit

Timeline

PublishedOct 1

Latest updateMay 17

Description

PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages2 packages

▶debiandebian/policykit-1< policykit-1 0.103-1 (bookworm)

▶NVDmichael_biebl/policykit0.103

🔴Vulnerability Details

GHSA

GHSA-7wrh-wgmh-6x48: PolicyKit 0↗2022-05-17

▶

OSV

CVE-2011-4945: PolicyKit 0↗2012-10-01

▶

📋Vendor Advisories

Red Hat

polkit: Members of 'wheel' group allowed to become root without providing a password↗2011-12-09

▶

Debian

CVE-2011-4945: policykit-1 - PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows loc...↗2011

▶

💬Community

Bugzilla

CVE-2011-4945 polkit: Members of 'wheel' group allowed to become root without providing a password↗2012-03-28

▶