CVE-2019-6133: Race Condition

First published: Tue Jan 08 2019(Updated: )

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Polkit Project Polkit	=0.115
Debian Debian Linux	=8.0
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Server Aus	=7.6
Redhat Enterprise Linux Server Eus	=7.6
Redhat Enterprise Linux Server Tus	=7.6
Redhat Enterprise Linux Workstation	=7.0
Redhat Enterprise Linux Desktop	=6.0
Redhat Enterprise Linux Server	=6.0
Redhat Enterprise Linux Server Aus	=6.6
Redhat Enterprise Linux Workstation	=6.0
Canonical Ubuntu Linux	=12.04
Canonical Ubuntu Linux	=14.04
Canonical Ubuntu Linux	=16.04
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=18.10
debian/linux		5.10.223-1 5.10.226-1 6.1.106-3 6.1.112-1 6.11.4-1 6.11.5-1
debian/policykit-1		0.105-31+deb11u1 122-3 125-2

Never miss a vulnerability like this again

Reference Links

agent/type
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2019-6133
agent/first-publish-date
agent/author
agent/severity
agent/weakness
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-index
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/usn-cve
source/Ubuntu
agent/references
agent/remedy
agent/softwarecombine
agent/tags
agent/description
agent/event
collector/security-tracker-debian
source/Debian
vendor/polkit project
canonical/polkit project polkit
version/polkit project polkit/0.115
vendor/debian
canonical/debian debian linux
version/debian debian linux/8.0
vendor/redhat
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux server
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/7.6
canonical/redhat enterprise linux server eus
version/redhat enterprise linux server eus/7.6
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/7.6
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/7.0
version/redhat enterprise linux desktop/6.0
version/redhat enterprise linux server/6.0
version/redhat enterprise linux server aus/6.6
version/redhat enterprise linux workstation/6.0
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/12.04
version/canonical ubuntu linux/14.04
version/canonical ubuntu linux/16.04
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/18.10
package-manager/debian

CVE-2019-6133: Race Condition

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact