CVE-2015-3256
Published 2015-10-26
Priority: P417 · medium · 4.6 · CVSS 2.0
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.35% (27.2th percentile)
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | policykit-1 | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| polkit_project | polkit | <= 0.112 | — |
CVSS provenance
nvd · v2.0 · 4.6 · MEDIUM · AV:L/AC:L/Au:N/C:P/I:P/A:P
vendor_debian · 4.6 · LOW
vendor_redhat · 4.6 · MEDIUM
GHSA
GHSA-779g-mjcq-vffm: PolicyKit (aka polkit) before 0
ghsa_unreviewed·2022-05-14
Red Hat
polkit: Memory corruption via javascript rule evaluation
vendor_redhat·2015-07-02·CVSS 4.6
A denial of service flaw was found in how polkit handled authorization requests. A local, unprivileged user could send malicious requests to polkit, which could then cause the polkit daemon to corrupt its memory and crash.
Package: polkit (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2015-3256: policykit-1 - PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of serv...
vendor_debian·2015·CVSS 4.6
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html
http://rhn.redhat.com/errata/RHSA-2016-0189.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/77356
http://www.securitytracker.com/id/1035023
https://bugzilla.redhat.com/show_bug.cgi?id=1245684