CVE-2018-1116Improper Authorization in Project Polkit

CWE-285Improper AuthorizationCWE-862Missing Authorization11 documents8 sources
Severity
4.4MEDIUMNVD
EPSS
0.1%
top 79.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Polkit Project PolkitCanonical Ubuntu LinuxDebian Linux
Timeline
PublishedJul 10
Latest updateMay 13

Description

A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:LExploitability: 1.8 | Impact: 2.5

Affected Packages1 packages

Also affects: Debian Linux 8.0, Ubuntu Linux 12.04

Patches

Patch: bugzilla.redhat.comPatch: cgit.freedesktop.orgPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-hjrh-286v-8qr4: A flaw was found in polkit before version 02022-05-13
OSV
CVE-2018-1116: A flaw was found in polkit before version 02018-07-10
CVEList
CVE-2018-1116: A flaw was found in polkit before version 02018-07-10

📋Vendor Advisories

4
Ubuntu
PolicyKit vulnerabilities2018-07-17
Ubuntu
PolicyKit vulnerabilities2018-07-16
Red Hat
polkit: Improper authorization in polkit_backend_interactive_authority_check_authorization function in polkitd2018-07-10
Debian
CVE-2018-1116: policykit-1 - A flaw was found in polkit before version 0.116. The implementation of the polki...2018

💬Community

3
Bugzilla
CVE-2018-1116 polkit: Improper authorization in polkit_backend_interactive_authority_check_authorization function in polkitd [fedora-all]2018-07-10
Bugzilla
CVE-2018-1116 polkit: Improper authorization in polkit_backend_interactive_authority_check_authorization function in polkitd2018-06-26
Bugzilla
CVE-2018-7755 kernel: Information exposure in fd_locked_ioctl function in drivers/block/floppy.c2018-03-08
CVE-2018-1116 — Improper Authorization | cvebase