Vulnerability Details CVE-2011-4945
PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 25.6%
CVSS Severity
CVSS v2 Score 6.9
References
- http://cgit.freedesktop.org/PolicyKit/commit/?id=763faf434b445c20ae9529100d3ef5290976d0c9
- http://patch-tracker.debian.org/patch/series/view/policykit-1/0.104-2/05_revert-admin-identities-unix-group-wheel.patch
- http://secunia.com/advisories/48817
- http://security.gentoo.org/glsa/glsa-201204-06.xml
- http://www.mail-archive.com/polkit-devel%40lists.freedesktop.org/msg00327.html
- http://www.openwall.com/lists/oss-security/2012/03/28/1
- http://www.openwall.com/lists/oss-security/2012/03/28/2
- https://bugs.gentoo.org/show_bug.cgi?id=401513
- https://launchpad.net/ubuntu/+source/policykit-1/0.103-1
- http://cgit.freedesktop.org/PolicyKit/commit/?id=763faf434b445c20ae9529100d3ef5290976d0c9
- http://patch-tracker.debian.org/patch/series/view/policykit-1/0.104-2/05_revert-admin-identities-unix-group-wheel.patch
- http://secunia.com/advisories/48817
- http://security.gentoo.org/glsa/glsa-201204-06.xml
- http://www.mail-archive.com/polkit-devel%40lists.freedesktop.org/msg00327.html
- http://www.openwall.com/lists/oss-security/2012/03/28/1
- http://www.openwall.com/lists/oss-security/2012/03/28/2
- https://bugs.gentoo.org/show_bug.cgi?id=401513
- https://launchpad.net/ubuntu/+source/policykit-1/0.103-1
Products affected by CVE-2011-4945
-
cpe:2.3:a:michael_biebl:policykit:0.103