CVE-2018-1116
published 2018-07-10
CVE-2018-1116: A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows…
Priority P419 · medium · 4.4 · CVSS 3.1
AV:L / AC:L / PR:L / UI:N / S:U / C:L / I:N / A:L
EPSS
1.20%
64.2th percentile
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows testing for authentication and triggering authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | policykit-1 | < policykit-1 0.105-21 (bookworm) | policykit-1 0.105-21 (bookworm) |
| polkit_project | polkit | < 0.115 | 0.115 |
CVSS provenance
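| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L |
| nvd | v3.0 | 4.7 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
| nvd | v2.0 | 3.6 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:P |
| osv | — | 4.4 | MEDIUM | — |
| vendor_ubuntu | — | 4.6 | MEDIUM | — |
| vendor_debian | — | 4.4 | MEDIUM | — |
| vendor_redhat | — | 4.4 | MEDIUM | — |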
Ubuntu
PolicyKit vulnerabilities
vendor_ubuntu·2018-07-17·CVSS 4.6
CVE-2015-3255 [MEDIUM] PolicyKit vulnerabilities
Title: PolicyKit vulnerabilities
Summary: Several security issues were fixed in PolicyKit.
USN-3717-1 fixed a vulnerability in PolicyKit. This update provides
the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that PolicyKit incorrectly handled certain duplicate
action IDs. A local attacker could use this issue to cause PolicyKit to
crash, resulting in a denial of service, or possibly escalate privileges.
(CVE-2015-3255)
Matthias Gerstner discovered that PolicyKit incorrectly checked users. A
local attacker could possibly use this issue to cause authentication
dialogs to show up for other users, leading to a denial of service or an
information leak. (CVE-2018-1116)
Instructions: After a standard system update you need to reboot your computer t
Ubuntu
PolicyKit vulnerabilities
vendor_ubuntu·2018-07-16·CVSS 2.1
CVE-2015-3218 [LOW] PolicyKit vulnerabilities
Title: PolicyKit vulnerabilities
Summary: Several security issues were fixed in PolicyKit.
Tavis Ormandy discovered that PolicyKit incorrectly handled certain invalid
object paths. A local attacker could possibly use this issue to cause
PolicyKit to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS. (CVE-2015-3218)
It was discovered that PolicyKit incorrectly handled certain duplicate
action IDs. A local attacker could use this issue to cause PolicyKit to
crash, resulting in a denial of service, or possibly escalate privileges.
This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3255)
Tavis Ormandy discovered that PolicyKit incorrectly handled duplicate
cookie values. A local attacker could use this issue to cause PolicyKit to
crash, resulting in a den
Red Hat
polkit: Improper authorization in polkit_backend_interactive_authority_check_authorization function in polkitd
vendor_redhat·2018-07-10·CVSS 4.4
CVE-2018-1116 [MEDIUM] CWE-285 polkit: Improper authorization in polkit_backend_interactive_authority_check_authorization function in polkitd
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows testing for authentication and triggering authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.
It was found that Polkit's CheckAuthorization and RegisterAuthenticationAgent D-Bus calls did not validate the client provided UID. A specially crafted program could use this flaw to submit arbitrary UIDs, triggering various denial of service or minor disclosures, such as which authentication is cached in the victim's session.
Package: polkit (Red Hat Enterprise Linu
Debian
CVE-2018-1116: policykit-1 - A flaw was found in polkit before version 0.116. The implementation of the polki...
vendor_debian·2018·CVSS 4.4
CVE-2018-1116 [MEDIUM] CVE-2018-1116: policykit-1 - A flaw was found in polkit before version 0.116. The implementation of the polki...
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows testing for authentication and triggering authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.
Scope: local
bookworm: resolved (fixed in 0.105-21)
bullseye: resolved (fixed in 0.105-21)
forky: resolved (fixed in 0.105-21)
sid: resolved (fixed in 0.105-21)
trixie: resolved (fixed in 0.105-21)
GHSA
GHSA-hjrh-286v-8qr4: A flaw was found in polkit before version 0
ghsa_unreviewed·2022-05-13
CVE-2018-1116 [MEDIUM] CWE-862 GHSA-hjrh-286v-8qr4: A flaw was found in polkit before version 0
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows testing for authentication and triggering authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.
OSV
policykit-1 vulnerabilities
osv·2018-07-16·CVSS 2.1
CVE-2015-3218 [LOW] policykit-1 vulnerabilities
Tavis Ormandy discovered that PolicyKit incorrectly handled certain invalid
object paths. A local attacker could possibly use this issue to cause
PolicyKit to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS. (CVE-2015-3218)
It was discovered that PolicyKit incorrectly handled certain duplicate
action IDs. A local attacker could use this issue to cause PolicyKit to
crash, resulting in a denial of service, or possibly escalate privileges.
This issue only affected Ubuntu 14.04 LTS. (CVE-2015-3255)
Tavis Ormandy discovered that PolicyKit incorrectly handled duplicate
cookie values. A local attacker could use this issue to cause PolicyKit to
crash, resulting in a denial of service, or possibly escalate privileges.
This issue only
OSV
CVE-2018-1116: A flaw was found in polkit before version 0
osv·2018-07-10·CVSS 4.4
CVE-2018-1116 [MEDIUM] CVE-2018-1116: A flaw was found in polkit before version 0
A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows testing for authentication and triggering authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-1116 polkit: Improper authorization in polkit_backend_interactive_authority_check_authorization function in polkitd [fedora-all]
bugzilla·2018-07-10·CVSS 4.4
CVE-2018-1116 [MEDIUM] CVE-2018-1116 polkit: Improper authorization in polkit_backend_interactive_authority_check_authorization function in polkitd [fedora-all]
Use the following template for the 'fedpkg update' request to submit an
update for this issue as it contains the top-level parent bug(s) as well as
this tracking bug. This will ensure that all associated bugs get updated
when new packages are pushed to stable.
# bugfix, security, enhancement, newpackage (required)
type=security
# testing, stable
request=testing
# Bug numbers: 1234,9876
bugs=1595404,1599790
# Description of your update
notes=Security fix for [PUT CVEs HERE]
# Enable request automation based on the stable/unstable karma thresholds
autokarma=True
stable_karma=3
unstable_karma=-3
# Automatically close bugs when this marked as stab
Bugzilla
CVE-2018-1116 polkit: Improper authorization in polkit_backend_interactive_authority_check_authorization function in polkitd
bugzilla·2018-06-26·CVSS 4.4
CVE-2018-1116 [MEDIUM] CVE-2018-1116 polkit: Improper authorization in polkit_backend_interactive_authority_check_authorization function in polkitd
A flaw was found in polkit. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows testing for authentication and triggering authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.
Discussion:
Upstream fix:
https://cgit.freedesktop.org/polkit/commit/?id=bc7ffad5364
---
Created polkit tracking bugs for this issue:
Affects: fedora-all [bug 1599790]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:1135 https://access.redhat.com/errata/RHSA-2020:1135
---
This bug is now closed. Further updates
Bugzilla
CVE-2018-7755 kernel: Information exposure in fd_locked_ioctl function in drivers/block/floppy.c
bugzilla·2018-03-08·CVSS 5.5
CVE-2018-7755 [MEDIUM] CVE-2018-7755 kernel: Information exposure in fd_locked_ioctl function in drivers/block/floppy.c
An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.
References:
https://lkml.org/lkml/2018/3/7/1116
https://marc.info/?l=linux-kernel&m=152046737321740&w=2
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1553217]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2019:202
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1116
https://cgit.freedesktop.org/polkit/commit/?id=bc7ffad5364
https://lists.debian.org/debian-lts-announce/2018/07/msg00042.html
https://security.gentoo.org/glsa/201908-14
https://usn.ubuntu.com/3717-2/