CVE-2019-6133 - OpenCVE

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Polkit Project	Polkit
Redhat	Enterprise Linux Server Enterprise Linux Server Eus Enterprise Linux Server Tus Enterprise Linux Desktop Enterprise Linux Workstation Enterprise Linux Server Aus
Canonical	Ubuntu Linux
Debian	Debian Linux

Configuration 1 [-]

cpe:2.3:a:polkit_project:polkit:0.115:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

Configuration 5 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html
http://www.securityfocus.com/bid/106537	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2019:0230	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0420	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:0832	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2699
https://access.redhat.com/errata/RHSA-2019:2978
https://bugs.chromium.org/p/project-zero/issues/detail?id=1692	Issue Tracking Mailing List Third Party Advisory
https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf	Patch Third Party Advisory
https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81	Patch Third Party Advisory
https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19	Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
https://support.f5.com/csp/article/K22715344	Third Party Advisory
https://usn.ubuntu.com/3901-1/	Third Party Advisory
https://usn.ubuntu.com/3901-2/	Third Party Advisory
https://usn.ubuntu.com/3903-1/	Third Party Advisory
https://usn.ubuntu.com/3903-2/	Third Party Advisory
https://usn.ubuntu.com/3908-1/	Third Party Advisory
https://usn.ubuntu.com/3908-2/	Third Party Advisory
https://usn.ubuntu.com/3910-1/	Third Party Advisory
https://usn.ubuntu.com/3910-2/	Third Party Advisory
https://usn.ubuntu.com/3934-1/	Third Party Advisory
https://usn.ubuntu.com/3934-2/