CVE-2015-3218
published 2015-10-26
CVE-2015-3218: The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a…
Priority: P47 (low)
CVSS 2.0: 2.1, AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS: 0.41% (33.2th percentile)
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | policykit-1 | < policykit-1 0.105-11 (bookworm) | policykit-1 0.105-11 (bookworm) |
| polkit_project | polkit | <= 0.112 | — |
CVSS provenance
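| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 2.1 | LOW | |
| vendor_debian | | 2.1 | LOW | |
| vendor_redhat | | 2.1 | LOW | |
| vendor_ubuntu | | 2.1 | LOW | |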
Ubuntu
PolicyKit vulnerabilities
vendor_ubuntu·2018-07-16·CVSS 2.1
CVE-2015-3218 [LOW] PolicyKit vulnerabilities
Title: PolicyKit vulnerabilities
Summary: Several security issues were fixed in PolicyKit.
Tavis Ormandy discovered that PolicyKit incorrectly handled certain invalid
object paths. A local attacker could possibly use this issue to cause
PolicyKit to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS. (CVE-2015-3218)
It was discovered that PolicyKit incorrectly handled certain duplicate
action IDs. A local attacker could use this issue to cause PolicyKit to
crash, resulting in a denial of service, or possibly escalate privileges.
This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3255)
Tavis Ormandy discovered that PolicyKit incorrectly handled duplicate
cookie values. A local attacker could use this issue to cause PolicyKit to
crash, resulting in a den
Red Hat
polkit: crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent
vendor_redhat·2015-05-29·CVSS 2.1
CVE-2015-3218 [LOW] polkit: crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
A NULL-pointer dereference flaw was discovered in polkitd. A malicious, local user could exploit this flaw to crash polkitd.
Package: polkit (Red Hat Enterprise Linux 6) - Not affected
Package: polkit (Red Hat Enterprise Linux 7) - Will not fix
Debian
CVE-2015-3218: policykit-1 - The authentication_agent_new function in polkitbackend/polkitbackendinteractivea...
vendor_debian·2015·CVSS 2.1
CVE-2015-3218 [LOW] CVE-2015-3218: policykit-1 - The authentication_agent_new function in polkitbackend/polkitbackendinteractivea...
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
Scope: local
bookworm: resolved (fixed in 0.105-11)
bullseye: resolved (fixed in 0.105-11)
forky: resolved (fixed in 0.105-11)
sid: resolved (fixed in 0.105-11)
trixie: resolved (fixed in 0.105-11)
GHSA
GHSA-q9cc-g5q2-4hhx: The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority
ghsa_unreviewed·2022-05-14
CVE-2015-3218 [LOW] GHSA-q9cc-g5q2-4hhx: The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
OSV
policykit-1 vulnerabilities
osv·2018-07-16·CVSS 2.1
CVE-2015-3218 [LOW] policykit-1 vulnerabilities
Tavis Ormandy discovered that PolicyKit incorrectly handled certain invalid
object paths. A local attacker could possibly use this issue to cause
PolicyKit to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS. (CVE-2015-3218)
It was discovered that PolicyKit incorrectly handled certain duplicate
action IDs. A local attacker could use this issue to cause PolicyKit to
crash, resulting in a denial of service, or possibly escalate privileges.
This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3255)
Tavis Ormandy discovered that PolicyKit incorrectly handled duplicate
cookie values. A local attacker could use this issue to cause PolicyKit to
crash, resulting in a denial of service, or possibly escalate privileges.
This issue only
OSV
CVE-2015-3218: The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority
osv·2015-10-26·CVSS 2.1
CVE-2015-3218 [LOW] CVE-2015-3218: The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-3218 polkit: crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent
bugzilla·2015-06-05·CVSS 2.1
CVE-2015-3218 [LOW] CVE-2015-3218 polkit: crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent
It was reported that polkitd dumps core if you set an invalid object
path when calling RegisterAuthenticationAgent.
It allows local authenticated users to perform a denial of service attack.
Original report: http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html
Suggested patch is available: http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html
Discussion:
Created polkit tracking bugs for this issue:
Affects: fedora-all [bug 1228739]
---
Commit fixing this:
http://cgit.freedesktop.org/polkit/commit/src/polkitbackend/polkitbackendinteractiveauthority.c?id=48e646918efb2bf0b3b505747655726d7869f31c
---
It looks like this was introduced via http
Bugzilla
CVE-2015-3218 polkit: crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent [fedora-all]
bugzilla·2015-06-05·CVSS 2.1
CVE-2015-3218 [LOW] CVE-2015-3218 polkit: crash authentication_agent_new with invalid object path in RegisterAuthenticationAgent [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this i
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html
http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html
http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html
http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html
http://www.securityfocus.com/bid/76086
http://www.securitytracker.com/id/1035023
https://usn.ubuntu.com/3717-1/
Published: 2015-10-26