Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1485

Overview

Vulnerability Score 6.9 6.9
CVE Id CVE-2011-1485
Last Modified 18 Dec 2012 11:39:06
Published 31 May 2011 04:55:02
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-1485

Summary

Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.

Vulnerable Systems

Application

  • Redhat Policykit 0.96


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=692922

FEDORA - FEDORA-2011-5676

FEDORA - FEDORA-2011-5589

UBUNTU - USN-1117-1

REDHAT - RHSA-2011:0455

MANDRIVA - MDVSA-2011:086

DEBIAN - DSA-2319

SREASON - 8424

GENTOO - GLSA-201204-06

SECUNIA - 48817


Last Updated: 27 May 2016 10:58:12