CVE-2015-4625

2015-10-26 20:59:05 2018-10-30 17:27:35

Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.

Vector

LOCAL

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Opensuse Opensuse 13.2 (not an official CPE) Opensuse Opensuse 13.1 (not an official CPE) Fedora 22 Fedora 21

Polkit project Polkit 0.112 (not an official CPE)

Opensuse - Opensuse Fedoraproject - Fedora Polkit project - Polkit

Advisory	Patch	Confirmed	Link
			[oss-security] 20150616 Re: CVE request for polkit
			[oss-security] 20150609 Re: CVE request for polkit
			[oss-security] 20150608 CVE request for polkit
			openSUSE-SU-2015:1927
			openSUSE-SU-2015:1734
			[polkit-devel] 20150529 Agent Authentication Question
			[polkit-devel] 20150603 Agent Authentication Question
			[polkit-devel] 20150702 polkit-0.113 released
			FEDORA-2015-11743
			FEDORA-2015-11058
			75267
			1035023

CVE-2015-4625

2015-10-26 20:59:05 2018-10-30 17:27:35

Vector

Complexity

Authentication

Confidentiality

Integrity

Availability

Numeric Errors (ID 189)