Permissions, Privileges, and Access Controls in PolicyKit - CVE-2011-4945
Published: October 2, 2012 / Updated: August 11, 2020
Vulnerability identifier: #VU43447
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2011-4945
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Freedesktop.org
Affected software:
PolicyKit
PolicyKit
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication.
How to mitigate CVE-2011-4945
Install update from vendor's website.
Sources
- http://cgit.freedesktop.org/PolicyKit/commit/?id=763faf434b445c20ae9529100d3ef5290976d0c9
- http://patch-tracker.debian.org/patch/series/view/policykit-1/0.104-2/05_revert-admin-identities-unix-group-wheel.patch
- http://secunia.com/advisories/48817
- http://security.gentoo.org/glsa/glsa-201204-06.xml
- http://www.mail-archive.com/polkit-devel@lists.freedesktop.org/msg00327.html
- http://www.openwall.com/lists/oss-security/2012/03/28/1
- http://www.openwall.com/lists/oss-security/2012/03/28/2
- https://bugs.gentoo.org/show_bug.cgi?id=401513
- https://launchpad.net/ubuntu/+source/policykit-1/0.103-1