[USN-1117-1] PolicyKit vulnerability

看板Bugtraq作者kees.時間15年前 (2011/04/21 02:01)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串1/1

--T4IYkFBVPN84tP7K Content-Type: text/plain; charset=us-ascii Content-Disposition: inline ========================================================================== Ubuntu Security Notice USN-1117-1 April 19, 2011 policykit-1 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 9.10 Summary: Local users could gain root access by using the pkexec tool in PolicyKit. Software Description: - policykit-1: framework for managing administrative policies and privileges Details: Neel Mehta discovered that PolicyKit did not correctly verify the user making authorization requests. A local attacker could exploit this to trick pkexec into running applications with root privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 10.10: libpolkit-backend-1-0 0.96-2ubuntu1.1 Ubuntu 10.04 LTS: libpolkit-backend-1-0 0.96-2ubuntu0.1 Ubuntu 9.10: libpolkit-backend-1-0 0.94-1ubuntu1.1 After a standard system update you need to reboot your computer to make all the necessary changes. References: CVE-2011-1485 Package Information: https://launchpad.net/ubuntu/+source/policykit-1/0.96-2ubuntu1.1 https://launchpad.net/ubuntu/+source/policykit-1/0.96-2ubuntu0.1 https://launchpad.net/ubuntu/+source/policykit-1/0.94-1ubuntu1.1 --T4IYkFBVPN84tP7K Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Kees Cook <kees@outflux.net> iQIcBAEBCgAGBQJNrh96AAoJEIly9N/cbcAm3qYQAIaKAn3M30/PSei85UvjEl8n eBGOPGH6EYTzzHcF+LPN0V8aUjRIa3BbO0bcWQ7Wnpl/TSqXMsVDSJ5lObZ8Uepv y2s9cSq+Vs/FfLLPipjWfy+Op5heMpAi7+iiywS3LhWUhKd+Gy4a1wQl6jJXzsKB P5SeQtEgDQkXT8YKLH4AQuROKaHLePJ66fbzs1kA9SQxdwFq1goV69vtzAAmunJ+ 0XP0KNNGvVPPAlx2J+9Ob098KV4KUUVeZZqXzjCMtdrcuoA/p7oDNjpq6bHUAULe QAvpRqEq5uUqfay5dJf8KA2QJ+X7MM4F+X27cRnns74cVALJv+mU7nJhBUYqm1G8 29E3dfJiuMA8Nn6viwSuWprGE+U/+6CAWYy933W3Jra9TrNpms7ldzCC8O5158p9 oMsCNNwVFaI68gxGO4w84CZ9/PWW8cHL6AFlVc+C1XXQo5+fgrE1oCPBR+cMsM72 j+d7xnIZ9I3iw9AduP0Grss59k4BzQy8frgmxnZWZZrChPqQQ5u5iL0xlc/DPbr8 hv5aHj1yzNPiY2Jb/11lTWbYTbk4UIW/6WrEIUog1u1KXybItbSe6i9MPfs1Q4Wy 6PG2QFLLAyIw/71LrfcXjaF33crSKTdXcTCcjcAMyLPL/p1P4JSwBw2kJXutUxOR zrZ5wfHnskrDC2vDVOK3 =iDwn -----END PGP SIGNATURE----- --T4IYkFBVPN84tP7K--

‣ 返回看板[ Bugtraq ] 臭蟲

‣ 更多 kees. 的文章

文章代碼(AID): #1DhnzX7T (Bugtraq)