Fluid Attacks Database

Description

Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	policykit-1	>=0 <0.105-12	0.105-12
debian 13	policykit-1	>=0 <0.105-12	0.105-12
debian 14	policykit-1	>=0 <0.105-12	0.105-12
debian 12	policykit-1	>=0 <0.105-12	0.105-12
rpm rhel7	polkit	-	-
rpm rhel6	polkit	-	-

Aliases

1. CVE-2015-46252. NVD-2015-46253. OSV-DEBIAN-2015-46254. OSV-2015-46255. SECURITY-TRACKER-CVE-2015-4625

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.