#VU45010 Race condition in PolicyKit - CVE-2011-1485

Cybersecurity Help s.r.o.

Published: 2011-05-31 | Updated: 2020-08-11

Vulnerability identifier: #VU45010

Vulnerability risk: High

CVSSv4.0: 8.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]

CVE-ID: CVE-2011-1485

CWE-ID: CWE-362

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
PolicyKit
Client/Desktop applications / Other client software

Vendor: Freedesktop.org

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.

Mitigation
Install update from vendor's website.

Vulnerable software versions

PolicyKit: 0.96

External links
https://lists.fedoraproject.org/pipermail/package-announce/2011-April/058752.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-May/059859.html
https://secunia.com/advisories/48817
https://security.gentoo.org/glsa/glsa-201204-06.xml
https://securityreason.com/securityalert/8424
https://www.debian.org/security/2011/dsa-2319
https://www.mandriva.com/security/advisories?name=MDVSA-2011:086
https://www.redhat.com/support/errata/RHSA-2011-0455.html
https://www.ubuntu.com/usn/USN-1117-1
https://bugzilla.redhat.com/show_bug.cgi?id=692922

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

Latest bulletins with this vulnerability

Race condition in Freedesktop PolicyKit

Slackware Linux update for polkit