CVE-2015-3255
Published: 2015-10-26
Priority: P418 · medium · 4.6 · CVSS 2.0
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.36% (28.4th percentile)
The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | policykit-1 | < policykit-1 0.105-12 (bookworm) | policykit-1 0.105-12 (bookworm) |
| polkit_project | polkit | <= 0.112 | — |
CVSS provenance
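| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:N/C:P/I:P/A:P |
| osv | | 4.6 | MEDIUM | |
| vendor_debian | | 4.6 | MEDIUM | |
| vendor_redhat | | 4.6 | MEDIUM | |
| vendor_ubuntu | | 4.6 | MEDIUM | |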
Ubuntu
PolicyKit vulnerabilities
vendor_ubuntu·2018-07-17·CVSS 4.6
CVE-2015-3255 [MEDIUM] PolicyKit vulnerabilities
Title: PolicyKit vulnerabilities
Summary: Several security issues were fixed in PolicyKit.
USN-3717-1 fixed a vulnerability in PolicyKit. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that PolicyKit incorrectly handled certain duplicate
action IDs. A local attacker could use this issue to cause PolicyKit to
crash, resulting in a denial of service, or possibly escalate privileges.
(CVE-2015-3255)
Matthias Gerstner discovered that PolicyKit incorrectly checked users. A
local attacker could possibly use this issue to cause authentication
dialogs to show up for other users, leading to a denial of service or an
information leak. (CVE-2018-1116)
Instructions: After a standard system update you need to reboot your computer t
Ubuntu
PolicyKit vulnerabilities
vendor_ubuntu·2018-07-16·CVSS 2.1
CVE-2015-3218 [LOW] PolicyKit vulnerabilities
Title: PolicyKit vulnerabilities
Summary: Several security issues were fixed in PolicyKit.
Tavis Ormandy discovered that PolicyKit incorrectly handled certain invalid
object paths. A local attacker could possibly use this issue to cause
PolicyKit to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS. (CVE-2015-3218)
It was discovered that PolicyKit incorrectly handled certain duplicate
action IDs. A local attacker could use this issue to cause PolicyKit to
crash, resulting in a denial of service, or possibly escalate privileges.
This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3255)
Tavis Ormandy discovered that PolicyKit incorrectly handled duplicate
cookie values. A local attacker could use this issue to cause PolicyKit to
crash, resulting in a den
Debian
CVE-2015-3255: policykit-1 - The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactio...
vendor_debian·2015·CVSS 4.6
CVE-2015-3255 [MEDIUM] CVE-2015-3255: policykit-1 - The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactio...
The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.
Scope: local
bookworm: resolved (fixed in 0.105-12)
bullseye: resolved (fixed in 0.105-12)
forky: resolved (fixed in 0.105-12)
sid: resolved (fixed in 0.105-12)
trixie: resolved (fixed in 0.105-12)
Red Hat
polkit: Heap-corruption on duplicate ids
vendor_redhat·2014-09-07·CVSS 4.6
CVE-2015-3255 [MEDIUM] polkit: Heap-corruption on duplicate ids
The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.
Package: polkit (Red Hat Enterprise Linux 6) - Will not fix
Package: polkit (Red Hat Enterprise Linux 7) - Will not fix
GHSA
GHSA-3hwj-36x6-3356: The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool
ghsa_unreviewed·2022-05-14
CVE-2015-3255 [MEDIUM] GHSA-3hwj-36x6-3356: The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool
The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.
OSV
policykit-1 vulnerabilities
osv·2018-07-16·CVSS 2.1
CVE-2015-3218 [LOW] policykit-1 vulnerabilities
Tavis Ormandy discovered that PolicyKit incorrectly handled certain invalid
object paths. A local attacker could possibly use this issue to cause
PolicyKit to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS. (CVE-2015-3218)
It was discovered that PolicyKit incorrectly handled certain duplicate
action IDs. A local attacker could use this issue to cause PolicyKit to
crash, resulting in a denial of service, or possibly escalate privileges.
This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3255)
Tavis Ormandy discovered that PolicyKit incorrectly handled duplicate
cookie values. A local attacker could use this issue to cause PolicyKit to
crash, resulting in a denial of service, or possibly escalate privileges.
This issue only
OSV
CVE-2015-3255: The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool
osv·2015-10-26·CVSS 4.6
CVE-2015-3255 [MEDIUM] CVE-2015-3255: The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool
The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.
No detection rules found.
No public exploits indexed.
http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html
http://www.securitytracker.com/id/1035023
https://bugs.freedesktop.org/show_bug.cgi?id=83590
https://bugzilla.redhat.com/show_bug.cgi?id=1245673
https://security.gentoo.org/glsa/201611-07
https://usn.ubuntu.com/3717-2/
Published: 2015-10-26