ID:4396 - Exploit for Race condition in PolicyKit - CVE-2011-1485

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:4396 - Exploit for Race condition in PolicyKit - CVE-2011-1485

ID:4396 - Exploit for Race condition in PolicyKit - CVE-2011-1485

Published: August 11, 2020


Vulnerability identifier: #VU45010
Vulnerability risk: High
CVE-ID: CVE-2011-1485
CWE-ID: CWE-362
Exploitation vector: Remote access
Vulnerable software:
PolicyKit

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.


Remediation

Install update from vendor's website.