CyberSec.Space Logo
返回 CVE 浏览器

CVE-2018-19788

HIGH
8.8
CVSS Severity Score
EPSS Score0.1650%
EPSS Percentile21.45th
Published2018年12月3日
Last Modified2024年11月21日

Vulnerability Description

A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

Affected Platforms (CPE)

📦
Polkit Project

Polkit

= 0.115
💻
Debian

Debian Linux

= 8.0
💻
Debian

Debian Linux

= 9.0
💻
Canonical

Ubuntu Linux

= 12.04
💻
Canonical

Ubuntu Linux

= 14.04
💻
Canonical

Ubuntu Linux

= 16.04
💻
Canonical

Ubuntu Linux

= 18.04
💻
Canonical

Ubuntu Linux

= 18.10

References & Advisories

🔗 https://access.redhat.com/errata/RHSA-2019:2046
🔗 https://access.redhat.com/errata/RHSA-2019:3232
🔗 https://bugs.debian.org/915332
🔗 https://gitlab.freedesktop.org/polkit/polkit/issues/74
🔗 https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html
🔗 https://security.gentoo.org/glsa/201908-14
🔗 https://usn.ubuntu.com/3861-1/
🔗 https://usn.ubuntu.com/3861-2/

相关漏洞威胁

CVE-2011-07039.8

In gksu-polkit before 0.0.3, the source file for xauth may contain arbitrary commands that may allow an attacker to overtake an ad...

CVE-2017-75728.1

The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polki...

CVE-2019-132727.8

In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials of a process that wa...

CVE-2020-17127.8

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed ...