Vulnerability Details CVE-2019-6133
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 4.8%
CVSS Severity
CVSS v3 Score 6.7
CVSS v2 Score 4.4
References
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html
- http://www.securityfocus.com/bid/106537
- https://access.redhat.com/errata/RHSA-2019:0230
- https://access.redhat.com/errata/RHSA-2019:0420
- https://access.redhat.com/errata/RHSA-2019:0832
- https://access.redhat.com/errata/RHSA-2019:2699
- https://access.redhat.com/errata/RHSA-2019:2978
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
- https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf
- https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81
- https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19
- https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
- https://support.f5.com/csp/article/K22715344
- https://usn.ubuntu.com/3901-1/
- https://usn.ubuntu.com/3901-2/
- https://usn.ubuntu.com/3903-1/
- https://usn.ubuntu.com/3903-2/
- https://usn.ubuntu.com/3908-1/
- https://usn.ubuntu.com/3908-2/
- https://usn.ubuntu.com/3910-1/
- https://usn.ubuntu.com/3910-2/
- https://usn.ubuntu.com/3934-1/
- https://usn.ubuntu.com/3934-2/
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html
- http://www.securityfocus.com/bid/106537
- https://access.redhat.com/errata/RHSA-2019:0230
- https://access.redhat.com/errata/RHSA-2019:0420
- https://access.redhat.com/errata/RHSA-2019:0832
- https://access.redhat.com/errata/RHSA-2019:2699
- https://access.redhat.com/errata/RHSA-2019:2978
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
- https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf
- https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81
- https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19
- https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
- https://support.f5.com/csp/article/K22715344
- https://usn.ubuntu.com/3901-1/
- https://usn.ubuntu.com/3901-2/
- https://usn.ubuntu.com/3903-1/
- https://usn.ubuntu.com/3903-2/
- https://usn.ubuntu.com/3908-1/
- https://usn.ubuntu.com/3908-2/
- https://usn.ubuntu.com/3910-1/
- https://usn.ubuntu.com/3910-2/
- https://usn.ubuntu.com/3934-1/
- https://usn.ubuntu.com/3934-2/
Products affected by CVE-2019-6133
-
cpe:2.3:a:polkit_project:polkit:0.115
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.10
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
-
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
-
cpe:2.3:o:redhat:enterprise_linux_server:6.0
-
cpe:2.3:o:redhat:enterprise_linux_server:7.0
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6
-
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6
-
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
-
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0