CVE-2011-4945 - Vulnerability Details - OpenCVE

PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.00084.

Key SSVC decision points have not yet been added.

Vendors	Products
Michael Biebl	Policykit

Configuration 1 [-]

cpe:2.3:a:michael_biebl:policykit:0.103:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://cgit.freedesktop.org/PolicyKit/commit/?id=763faf434b445c20ae9529100d3ef5290976d0c9
http://patch-tracker.debian.org/patch/series/view/policykit-1/0.104-2/05_revert-admin-identities-unix-group-wheel.patch
http://secunia.com/advisories/48817
http://security.gentoo.org/glsa/glsa-201204-06.xml
http://www.mail-archive.com/polkit-devel%40lists.freedesktop.org/msg00327.html
http://www.openwall.com/lists/oss-security/2012/03/28/1
http://www.openwall.com/lists/oss-security/2012/03/28/2
https://bugs.gentoo.org/show_bug.cgi?id=401513
https://launchpad.net/ubuntu/+source/policykit-1/0.103-1
https://nvd.nist.gov/vuln/detail/CVE-2011-4945
https://www.cve.org/CVERecord?id=CVE-2011-4945

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-10-01T23:00:00

Updated: 2024-08-07T00:23:38.637Z

Reserved: 2011-12-23T00:00:00

Link: CVE-2011-4945

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-10-01T23:55:00.800

Modified: 2025-04-11T00:51:21.963

Link: CVE-2011-4945

Redhat

Severity : Important

Publid Date: 2011-12-09T00:00:00Z

Links: CVE-2011-4945 - Bugzilla

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-12-06T00:00:00", "descriptions": [{"lang": "en", "value": "PolicyKit 0.103 sets the AdminIdentities to \"wheel\" by default, which allows local users in the wheel group to gain root privileges without authentication."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-12-19T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "[oss-security] 20120327 Re: CVE Request: PolicyKit change allows users in \"wheel\" group to become root without a password", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/03/28/2"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=401513"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://patch-tracker.debian.org/patch/series/view/policykit-1/0.104-2/05_revert-admin-identities-unix-group-wheel.patch"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://launchpad.net/ubuntu/+source/policykit-1/0.103-1"}, {"name": "[polkit-devel] 20111206 polkit 0.103", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.mail-archive.com/polkit-devel%40lists.freedesktop.org/msg00327.html"}, {"name": "GLSA-201204-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201204-06.xml"}, {"name": "48817", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48817"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://cgit.freedesktop.org/PolicyKit/commit/?id=763faf434b445c20ae9529100d3ef5290976d0c9"}, {"name": "[oss-security] 20120327 CVE Request: PolicyKit change allows users in \"wheel\" group to become root without a password", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/03/28/1"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:23:38.637Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20120327 Re: CVE Request: PolicyKit change allows users in \"wheel\" group to become root without a password", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/03/28/2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=401513"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://patch-tracker.debian.org/patch/series/view/policykit-1/0.104-2/05_revert-admin-identities-unix-group-wheel.patch"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://launchpad.net/ubuntu/+source/policykit-1/0.103-1"}, {"name": "[polkit-devel] 20111206 polkit 0.103", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.mail-archive.com/polkit-devel%40lists.freedesktop.org/msg00327.html"}, {"name": "GLSA-201204-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201204-06.xml"}, {"name": "48817", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48817"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://cgit.freedesktop.org/PolicyKit/commit/?id=763faf434b445c20ae9529100d3ef5290976d0c9"}, {"name": "[oss-security] 20120327 CVE Request: PolicyKit change allows users in \"wheel\" group to become root without a password", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/03/28/1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4945", "datePublished": "2012-10-01T23:00:00", "dateReserved": "2011-12-23T00:00:00", "dateUpdated": "2024-08-07T00:23:38.637Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:michael_biebl:policykit:0.103:*:*:*:*:*:*:*", "matchCriteriaId": "BCE41E05-00E9-4E9B-8489-56589B10C16E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PolicyKit 0.103 sets the AdminIdentities to \"wheel\" by default, which allows local users in the wheel group to gain root privileges without authentication."}, {"lang": "es", "value": "PolicyKit v0.103 fija AdminIdentities a \"wheel\" por defecto, lo que permite a usuarios locales en el grupo wheel para obtener privilegios de root sin autentificaci\u00f3n."}], "id": "CVE-2011-4945", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-10-01T23:55:00.800", "references": [{"source": "secalert@redhat.com", "url": "http://cgit.freedesktop.org/PolicyKit/commit/?id=763faf434b445c20ae9529100d3ef5290976d0c9"}, {"source": "secalert@redhat.com", "url": "http://patch-tracker.debian.org/patch/series/view/policykit-1/0.104-2/05_revert-admin-identities-unix-group-wheel.patch"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48817"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201204-06.xml"}, {"source": "secalert@redhat.com", "url": "http://www.mail-archive.com/polkit-devel%40lists.freedesktop.org/msg00327.html"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/28/1"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/28/2"}, {"source": "secalert@redhat.com", "url": "https://bugs.gentoo.org/show_bug.cgi?id=401513"}, {"source": "secalert@redhat.com", "url": "https://launchpad.net/ubuntu/+source/policykit-1/0.103-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cgit.freedesktop.org/PolicyKit/commit/?id=763faf434b445c20ae9529100d3ef5290976d0c9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://patch-tracker.debian.org/patch/series/view/policykit-1/0.104-2/05_revert-admin-identities-unix-group-wheel.patch"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48817"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201204-06.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mail-archive.com/polkit-devel%40lists.freedesktop.org/msg00327.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/28/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/28/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.gentoo.org/show_bug.cgi?id=401513"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://launchpad.net/ubuntu/+source/policykit-1/0.103-1"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}