Fluid Attacks Database

Description

A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	policykit-1	>=0 <0.105-21	0.105-21
debian 12	policykit-1	>=0 <0.105-21	0.105-21
debian 14	policykit-1	>=0 <0.105-21	0.105-21
debian 13	policykit-1	>=0 <0.105-21	0.105-21
rpm rhel6	polkit	-	-
rpm rhel7	polkit	<0:0.112-26.el7	0:0.112-26.el7

Aliases

1. CVE-2018-11162. NVD-2018-11163. OSV-DEBIAN-2018-11164. OSV-2018-11165. SECURITY-TRACKER-CVE-2018-1116

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.