Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.9
CVE Id CVE-2011-4945
Last Modified 18 Dec 2012 11:46:42
Published 01 Oct 2012 07:55:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

Summary

PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication.

Vulnerable Systems

Application

  • Michael Biebl Policykit 0.103


References

CONFIRM - https://launchpad.net/ubuntu/+source/policykit-1/0.103-1

MISC - https://bugs.gentoo.org/show_bug.cgi?id=401513

MLIST - [oss-security] 20120327 Re: CVE Request: PolicyKit change allows users in "wheel" group to become root without a password

MLIST - [oss-security] 20120327 CVE Request: PolicyKit change allows users in "wheel" group to become root without a password

MLIST - [polkit-devel] 20111206 polkit 0.103

CONFIRM - http://patch-tracker.debian.org/patch/series/view/policykit-1/0.104-2/05_revert-admin-identities-unix-group-wheel.patch

CONFIRM - http://cgit.freedesktop.org/PolicyKit/commit/?id=763faf434b445c20ae9529100d3ef5290976d0c9

GENTOO - GLSA-201204-06

SECUNIA - 48817


Last Updated: 27 May 2016 11:00:49