Lucene search

[email protected]CVE-2015-3256

HistoryOct 26, 2015 - 7:59 p.m.

CVE-2015-3256

2015-10-2619:59:04

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-3256

policykit

polkit

denial of service

memory corruption

crash

privilege escalation

javascript rule evaluation

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to “javascript rule evaluation.”

Affected configurations

NVD

Node

polkit_projectpolkitRange≤0.112

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

CPENameOperatorVersion
polkit_project:polkitpolkit project polkitle0.112

CPE	Name	Operator	Version
polkit_project:polkit	polkit project polkit	le	0.112

References

lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html

lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html

lists.opensuse.org/opensuse-updates/2015-11/msg00042.html

rhn.redhat.com/errata/RHSA-2016-0189.html

www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

www.securityfocus.com/bid/77356

www.securitytracker.com/id/1035023

bugzilla.redhat.com/show_bug.cgi?id=1245684

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2015-3256

redhat1 nessus10 openvas8 nvd1 debiancve1 oraclelinux1 centos1 ubuntucve1 prion1 cvelist1 ibm1 suse1 fedora2 freebsd1 mageia1