Errata ALT-PU-2023-7907-1: Information
Fixes
Published: Dec. 2, 2018
BDU:2019-00885
Vulnerability in the Policykit software platform for managing administrative policies and privileges, related to errors in handling large user identifier values, allowing an attacker to bypass the authentication procedure
Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Oct. 11, 2018
BDU:2019-01338
Vulnerability in the Polkit library of Linux operating systems, allowing an attacker to execute arbitrary commands
Severity: MEDIUM (6.7) Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Links:
Published: June 3, 2021
BDU:2021-03207
Vulnerability in the polkit_system_bus_name_get_creds_sync() function of the dbus-daemon daemon of the Polkit library, allowing an attacker to escalate their privileges
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Jan. 25, 2022
BDU:2022-00488
Vulnerability in the Polkit library and the Bubblewrap sandboxing tool, caused by a stack-based buffer overflow, allowing an attacker to escalate their privileges to superuser level
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: March 13, 2022
BDU:2022-01462
Vulnerability in the Polkit library, related to uncontrolled resource consumption, allowing an attacker to cause a denial of service
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: Dec. 3, 2018
Modified: Aug. 6, 2019
CVE-2018-19788
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
Severity: HIGH (8.8) Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Jan. 11, 2019
Modified: Aug. 24, 2020
CVE-2019-6133
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
Severity: MEDIUM (6.7) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Links:
- https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19
- https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81
- https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1692
- 106537
- [debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update
- RHSA-2019:0230
- RHSA-2019:0420
- USN-3901-2
- USN-3901-1
- USN-3903-2
- USN-3903-1
- USN-3908-1
- USN-3908-2
- USN-3910-2
- USN-3910-1
- https://support.f5.com/csp/article/K22715344
- USN-3934-1
- RHSA-2019:0832
- [debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update
- [debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update
- openSUSE-SU-2019:1914
- USN-3934-2
- RHSA-2019:2699
- RHSA-2019:2978
Published: Feb. 16, 2022
Modified: Nov. 7, 2023
CVE-2021-3560
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Jan. 28, 2022
Modified: Nov. 7, 2023
CVE-2021-4034
A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it induces pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
- https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
- https://bugzilla.redhat.com/show_bug.cgi?id=2025869
- https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
- http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html
- http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html
- https://www.suse.com/support/kb/doc/?id=000020564
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf
- https://www.starwindsoftware.com/security/sw-20220818-0001/
- https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/
Published: Feb. 22, 2022
Modified: Nov. 7, 2023
CVE-2021-4115
There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://access.redhat.com/security/cve/cve-2021-4115
- https://gitlab.com/redhat/centos-stream/rpms/polkit/-/merge_requests/6/diffs?commit_id=bf900df04dc390d389e59aa10942b0f2b15c531e
- https://gitlab.freedesktop.org/polkit/polkit/-/issues/141
- https://www.oracle.com/security-alerts/cpujul2022.html
- http://packetstormsecurity.com/files/172849/polkit-File-Descriptor-Exhaustion.html
- FEDORA-2022-5e6d5fe680