CVE-2019-6133: Race Condition

First published: Tue Jan 08 2019(Updated: )

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
ubuntu/linux	<4.15.0-46.49	4.15.0-46.49
ubuntu/linux	<4.18.0-16.17	4.18.0-16.17
ubuntu/linux	<3.13.0-166.216	3.13.0-166.216
ubuntu/linux	<5.0~	5.0~
ubuntu/linux	<4.4.0-143.169	4.4.0-143.169
ubuntu/linux-aws	<4.15.0-1033.35	4.15.0-1033.35
ubuntu/linux-aws	<4.18.0-1011.13	4.18.0-1011.13
ubuntu/linux-aws	<4.4.0-1039.42	4.4.0-1039.42
ubuntu/linux-aws	<5.0~	5.0~
ubuntu/linux-aws	<4.4.0-1077.87	4.4.0-1077.87
ubuntu/linux-aws-hwe	<5.0~	5.0~
ubuntu/linux-aws-hwe	<4.15.0-1033.35~16.04.1	4.15.0-1033.35~16.04.1
ubuntu/linux-azure	<4.18.0-1013.13~18.04.1	4.18.0-1013.13~18.04.1
ubuntu/linux-azure	<4.18.0-1013.13	4.18.0-1013.13
ubuntu/linux-azure	<4.15.0-1040.44~14.04.1	4.15.0-1040.44~14.04.1
ubuntu/linux-azure	<5.0~	5.0~
ubuntu/linux-azure	<4.15.0-1040.44	4.15.0-1040.44
ubuntu/linux-azure-edge	<4.18.0-1013.13~18.04.1	4.18.0-1013.13~18.04.1
ubuntu/linux-azure-edge	<5.0~	5.0~
ubuntu/linux-azure-edge	<4.15.0-1040.44	4.15.0-1040.44
ubuntu/linux-euclid	<5.0~	5.0~
ubuntu/linux-flo	<5.0~	5.0~
ubuntu/linux-gcp	<4.15.0-1028.29	4.15.0-1028.29
ubuntu/linux-gcp	<4.18.0-1007.8	4.18.0-1007.8
ubuntu/linux-gcp	<5.0~	5.0~
ubuntu/linux-gcp	<4.15.0-1028.29~16.04.1	4.15.0-1028.29~16.04.1
ubuntu/linux-gcp-edge	<4.15.0-1028.29	4.15.0-1028.29
ubuntu/linux-gcp-edge	<5.0~	5.0~
ubuntu/linux-gke	<5.0~	5.0~
ubuntu/linux-gke-4.15	<5.0~	5.0~
ubuntu/linux-gke-5.0	<5.0~	5.0~
ubuntu/linux-goldfish	<5.0~	5.0~
ubuntu/linux-grouper	<5.0~	5.0~
ubuntu/linux-hwe	<4.18.0-16.17~18.04.1	4.18.0-16.17~18.04.1
ubuntu/linux-hwe	<5.0~	5.0~
ubuntu/linux-hwe	<4.15.0-46.49~16.04.1	4.15.0-46.49~16.04.1
ubuntu/linux-hwe-edge	<5.0~	5.0~
ubuntu/linux-hwe-edge	<4.15.0-46.49~16.04.1	4.15.0-46.49~16.04.1
ubuntu/linux-kvm	<4.15.0-1030.30	4.15.0-1030.30
ubuntu/linux-kvm	<4.18.0-1008.8	4.18.0-1008.8
ubuntu/linux-kvm	<5.0~	5.0~
ubuntu/linux-kvm	<4.4.0-1041.47	4.4.0-1041.47
ubuntu/linux-lts-trusty	<5.0~	5.0~
ubuntu/linux-lts-utopic	<5.0~	5.0~
ubuntu/linux-lts-vivid	<5.0~	5.0~
ubuntu/linux-lts-wily	<5.0~	5.0~
ubuntu/linux-lts-xenial	<4.4.0-143.169~14.04.2	4.4.0-143.169~14.04.2
ubuntu/linux-lts-xenial	<5.0~	5.0~
ubuntu/linux-maguro	<5.0~	5.0~
ubuntu/linux-mako	<5.0~	5.0~
ubuntu/linux-manta	<5.0~	5.0~
ubuntu/linux-oem	<4.15.0-1034.39	4.15.0-1034.39
ubuntu/linux-oem	<4.15.0-1034.39	4.15.0-1034.39
ubuntu/linux-oem	<5.0~	5.0~
ubuntu/linux-oracle	<4.15.0-1009.11	4.15.0-1009.11
ubuntu/linux-oracle	<4.15.0-1009.11	4.15.0-1009.11
ubuntu/linux-oracle	<5.0~	5.0~
ubuntu/linux-oracle	<4.15.0-1009.11~16.04.1	4.15.0-1009.11~16.04.1
ubuntu/linux-raspi2	<4.15.0-1032.34	4.15.0-1032.34
ubuntu/linux-raspi2	<4.18.0-1010.12	4.18.0-1010.12
ubuntu/linux-raspi2	<5.0~	5.0~
ubuntu/linux-raspi2	<4.4.0-1104.112	4.4.0-1104.112
ubuntu/linux-snapdragon	<4.15.0-1053.57	4.15.0-1053.57
ubuntu/linux-snapdragon	<5.0~	5.0~
ubuntu/linux-snapdragon	<4.4.0-1108.113	4.4.0-1108.113
ubuntu/policykit-1	<0.105-20ubuntu0.18.04.5	0.105-20ubuntu0.18.04.5
ubuntu/policykit-1	<0.105-21ubuntu0.4	0.105-21ubuntu0.4
ubuntu/policykit-1	<0.105-25	0.105-25
ubuntu/policykit-1	<0.105-4ubuntu3.14.04.6	0.105-4ubuntu3.14.04.6
ubuntu/policykit-1	<0.105-14.1ubuntu0.5	0.105-14.1ubuntu0.5
Polkit Project Polkit	=0.115
Debian Debian Linux	=8.0
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Server Aus	=7.6
Redhat Enterprise Linux Server Eus	=7.6
Redhat Enterprise Linux Server Tus	=7.6
Redhat Enterprise Linux Workstation	=7.0
Redhat Enterprise Linux Desktop	=6.0
Redhat Enterprise Linux Server	=6.0
Redhat Enterprise Linux Server Aus	=6.6
Redhat Enterprise Linux Workstation	=6.0
Canonical Ubuntu Linux	=12.04
Canonical Ubuntu Linux	=14.04
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=18.10
debian/linux		4.19.249-2 4.19.304-1 5.10.209-2 5.10.216-1 6.1.76-1 6.1.90-1 6.7.12-1
debian/policykit-1		0.105-25+deb10u1 0.105-31+deb11u1 122-3 124-2

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

agent/type
agent/last-modified-date
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-6133
agent/first-publish-date
agent/author
agent/severity
agent/weakness
agent/remedy
agent/description
collector/usn-cve
source/Ubuntu
agent/software-canonical-lookup
agent/references
agent/tags
agent/event
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/ubuntu
package-manager/debian
vendor/polkit project
canonical/polkit project polkit
version/polkit project polkit/0.115
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
vendor/redhat
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux server
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.6
canonical/redhat enterprise linux server eus
version/redhat enterprise linux server eus/7.6
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/7.6
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/7.0
version/redhat enterprise linux desktop/6.0
version/redhat enterprise linux server/6.0
version/redhat enterprise linux server aus/6.6
version/redhat enterprise linux workstation/6.0
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/12.04
version/canonical ubuntu linux/14.04
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/18.10

CVE-2019-6133: Race Condition

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Company

Resources

Contact