Lucene search

[email protected]NVD:CVE-2015-3255

HistoryOct 26, 2015 - 7:59 p.m.

CVE-2015-3255

2015-10-2619:59:02

CWE-264

[email protected]

web.nvd.nist.gov

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.

Affected configurations

NVD

Node

polkit_projectpolkitRange≤0.112

References

lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html

lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html

lists.opensuse.org/opensuse-updates/2015-11/msg00042.html

www.securitytracker.com/id/1035023

bugs.freedesktop.org/show_bug.cgi?id=83590

bugzilla.redhat.com/show_bug.cgi?id=1245673

security.gentoo.org/glsa/201611-07

usn.ubuntu.com/3717-2/

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2015-3255

ubuntucve1 prion1 gentoo1 debiancve1 nessus15 cvelist1 cve1 ubuntu2 openvas12 fedora2 suse1 freebsd1 mageia1