#VU16966 Security restrictions bypass in PolicyKit


Published: 2019-01-11 | Updated: 2019-01-14

Vulnerability identifier: #VU16966

Vulnerability risk: Low

CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C]

CVE-ID: CVE-2019-6133

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PolicyKit
Client/Desktop applications / Other client software

Vendor: Freedesktop.org

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to fork() is not atomic, and therefore authorization decisions are improperly cached, related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. A remote unauthenticated attacker can bypass the "start time" protection mechanism

Mitigation
Cybersecurity Help is currently unaware of any official solution to address the vulnerability.

Vulnerable software versions

PolicyKit: 0.115

External links
http://gitlab.freedesktop.org/polkit/polkit/merge_requests/19
http://bugs.chromium.org/p/project-zero/issues/detail?id=1692

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Dell EMC Data Computing Appliance (DCA)
Multiple vulnerabilities in Dell EMC Unity Family, Dell EMC Unity XT Family
Red Hat update for polkit
Red Hat update for polkit
OpenSUSE Linux update for polkit
Security restrictions bypass in polkit (Alpine package)
Red Hat Enterprise Linux 6.6 Advanced Update Support update for polkit
Ubuntu update for Linux kernel (HWE)
Red Hat update for polkit
Red Hat update for polkit