CVE-2011-1485

Loading...

General

Score:6.9/10.0
Severity:Medium
Category:Interaction Error
Exploit:Available

Impact Metrics

Confidentiality:Complete
Integrity:Complete
Availability:Complete

Exploitability Metrics

Access Vector:Local
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2013-4288

Published on 31/05/11 - Updated on 19/12/12

Description

Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.

Category: Interaction Error

CWE-362 (Race Conditions)
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Security Notices

US National Vulnerability DatabaseCVE-2011-1485
Debian DSA-2319-1
Oracle Linux ELSA-2011-0455, ELSA-2013-1270
Redhat RHSA-2011:0455

Exploits

Exploit-DBEDB-17932, EDB-17942, EDB-35021

Relative technologies

VendorProduct
redhatpolicykit

Share this vulnerability with:

Twitter Facebook LinkedIn Mail