ALT-PU-2024-8527-1
Closed vulnerabilities
BDU:2019-00885
Уязвимость программной платформы для управления административными политиками и привилегиями Policykit, связанная с ошибками при обработке больших значений идентификаторов пользователей, позволяющая нарушителю обойти процедуру аутентификации
BDU:2019-01338
Уязвимость библиотеки Polkit операционных систем Linux, позволяющая нарушителю выполнить произвольные команды
BDU:2021-03207
Уязвимость функции polkit_system_bus_name_get_creds_sync() демона dbus-daemon библиотеки Polkit, позволяющая нарушителю повысить свои привилегии
BDU:2022-00488
Уязвимость библиотеки Polkit и инструмента песочницы Bubblewrap, вызванная переполнением буфера на стеке, позволяющая нарушителю повысить свои привилегии до уровня суперпользователя
BDU:2022-01462
Уязвимость библиотеки Polkit, связанная с неконтролируемым расодом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2018-19788
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
- RHSA-2019:2046
- RHSA-2019:2046
- RHSA-2019:3232
- RHSA-2019:3232
- https://bugs.debian.org/915332
- https://bugs.debian.org/915332
- https://gitlab.freedesktop.org/polkit/polkit/issues/74
- https://gitlab.freedesktop.org/polkit/polkit/issues/74
- [debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update
- [debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update
- GLSA-201908-14
- GLSA-201908-14
- https://security.netapp.com/advisory/ntap-20240816-0001/
- USN-3861-1
- USN-3861-1
- USN-3861-2
- USN-3861-2
- DSA-4350
- DSA-4350
Modified: 2024-11-21
CVE-2019-6133
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
- openSUSE-SU-2019:1914
- openSUSE-SU-2019:1914
- 106537
- 106537
- RHSA-2019:0230
- RHSA-2019:0230
- RHSA-2019:0420
- RHSA-2019:0420
- RHSA-2019:0832
- RHSA-2019:0832
- RHSA-2019:2699
- RHSA-2019:2699
- RHSA-2019:2978
- RHSA-2019:2978
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
- https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf
- https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf
- https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81
- https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81
- https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19
- https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19
- [debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update
- [debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update
- [debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update
- [debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update
- [debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update
- [debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update
- https://support.f5.com/csp/article/K22715344
- https://support.f5.com/csp/article/K22715344
- USN-3901-1
- USN-3901-1
- USN-3901-2
- USN-3901-2
- USN-3903-1
- USN-3903-1
- USN-3903-2
- USN-3903-2
- USN-3908-1
- USN-3908-1
- USN-3908-2
- USN-3908-2
- USN-3910-1
- USN-3910-1
- USN-3910-2
- USN-3910-2
- USN-3934-1
- USN-3934-1
- USN-3934-2
- USN-3934-2
Modified: 2025-04-03
CVE-2021-3560
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
- http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html
- http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html
- http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html
- http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1961710
- https://bugzilla.redhat.com/show_bug.cgi?id=1961710
- https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
- https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
Modified: 2025-04-03
CVE-2021-4034
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
- http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html
- http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html
- http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html
- http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html
- https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
- https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
- https://bugzilla.redhat.com/show_bug.cgi?id=2025869
- https://bugzilla.redhat.com/show_bug.cgi?id=2025869
- https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf
- https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
- https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
- https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
- https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/
- https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/
- https://www.starwindsoftware.com/security/sw-20220818-0001/
- https://www.starwindsoftware.com/security/sw-20220818-0001/
- https://www.suse.com/support/kb/doc/?id=000020564
- https://www.suse.com/support/kb/doc/?id=000020564
- https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034
Modified: 2024-11-21
CVE-2021-4115
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned
- http://packetstormsecurity.com/files/172849/polkit-File-Descriptor-Exhaustion.html
- http://packetstormsecurity.com/files/172849/polkit-File-Descriptor-Exhaustion.html
- https://access.redhat.com/security/cve/cve-2021-4115
- https://access.redhat.com/security/cve/cve-2021-4115
- https://gitlab.com/redhat/centos-stream/rpms/polkit/-/merge_requests/6/diffs?commit_id=bf900df04dc390d389e59aa10942b0f2b15c531e
- https://gitlab.com/redhat/centos-stream/rpms/polkit/-/merge_requests/6/diffs?commit_id=bf900df04dc390d389e59aa10942b0f2b15c531e
- https://gitlab.freedesktop.org/polkit/polkit/-/issues/141
- https://gitlab.freedesktop.org/polkit/polkit/-/issues/141
- FEDORA-2022-5e6d5fe680
- FEDORA-2022-5e6d5fe680
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
Closed bugs
Polkit не проверяет список групп пользователя, назначенныx через NSS.