|Number of vulnerabilities||1|
|CVE ID|| CVE-2018-19788
|Public exploit||Public exploit code for vulnerability #1 is available.|
|Vulnerable software versions||
Debian Linux -
The vulnerability allows a local authenticated attacker to execute arbitrary commands on the target system.
The vulnerability exists due to PolicyKit's improper validation of permission requests for any low-privileged user with UID greater than INT_MAX, a constant in computer programming that defines what maximum value an integer variable can store, which equals to 2147483647 (in hexadecimal 0x7FFFFFFF). A local authenticated attacker with a uid greater than INT_MAX can execute any systemctl command.Remediation
Update the affected package to version: 0.105-18+deb9u1External links