CyberSec.Space Logo
Back to CVE Browser

CVE-2018-19788

HIGH
8.8
CVSS Severity Score
EPSS Score0.1650%
EPSS Percentile21.45th
PublishedDec 3, 2018
Last ModifiedNov 21, 2024

Vulnerability Description

A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

Affected Platforms (CPE)

πŸ“¦
Polkit Project

Polkit

= 0.115
πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Debian

Debian Linux

= 9.0
πŸ’»
Canonical

Ubuntu Linux

= 12.04
πŸ’»
Canonical

Ubuntu Linux

= 14.04
πŸ’»
Canonical

Ubuntu Linux

= 16.04
πŸ’»
Canonical

Ubuntu Linux

= 18.04
πŸ’»
Canonical

Ubuntu Linux

= 18.10

References & Advisories

πŸ”— https://access.redhat.com/errata/RHSA-2019:2046
πŸ”— https://access.redhat.com/errata/RHSA-2019:3232
πŸ”— https://bugs.debian.org/915332
πŸ”— https://gitlab.freedesktop.org/polkit/polkit/issues/74
πŸ”— https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html
πŸ”— https://security.gentoo.org/glsa/201908-14
πŸ”— https://usn.ubuntu.com/3861-1/
πŸ”— https://usn.ubuntu.com/3861-2/

Related Vulnerabilities

CVE-2011-07039.8

In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an ad...

CVE-2017-75728.1

The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polki...

CVE-2019-132727.8

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wa...

CVE-2020-17127.8

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed ...