Lucene search

[email protected]CVE-2011-1485

HistoryMay 31, 2011 - 8:55 p.m.

CVE-2011-1485

2011-05-3120:55:00

CWE-362

[email protected]

web.nvd.nist.gov

cve-2011-1485

policykit

polkit

pkexec

local privilege escalation

race condition

nvd

security vulnerability

6.1 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

33.6%

JSON

Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.

CPENameOperatorVersion
redhat:policykitredhat policykiteq0.96

CPE	Name	Operator	Version
redhat:policykit	redhat policykit	eq	0.96

References

lists.fedoraproject.org/pipermail/package-announce/2011-April/058752.html

lists.fedoraproject.org/pipermail/package-announce/2011-May/059859.html

secunia.com/advisories/48817

security.gentoo.org/glsa/glsa-201204-06.xml

securityreason.com/securityalert/8424

www.debian.org/security/2011/dsa-2319

www.mandriva.com/security/advisories?name=MDVSA-2011:086

www.redhat.com/support/errata/RHSA-2011-0455.html

www.ubuntu.com/usn/USN-1117-1

bugzilla.redhat.com/show_bug.cgi?id=692922

6.1 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

33.6%

JSON

CVE-2011-1485

References

Related