CVE-2018-19788 - OpenCVE

A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Polkit Project	Polkit
Redhat	Enterprise Linux Rhel Eus

Configuration 1 [-]

cpe:2.3:a:polkit_project:polkit:0.115:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:8.0:::::::*
	cpe:2.3:o:debian:debian_linux:9.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
	cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 7
polkit-0:0.112-22.el7	cpe:/o:redhat:enterprise_linux:7	RHSA-2019:2046	2019-08-06T00:00:00Z
Red Hat Enterprise Linux 7.6 Extended Update Support
polkit-0:0.112-18.el7_6.2	cpe:/o:redhat:rhel_eus:7.6	RHSA-2019:3232	2019-10-29T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2019:2046
https://access.redhat.com/errata/RHSA-2019:3232
https://bugs.debian.org/915332
https://gitlab.freedesktop.org/polkit/polkit/issues/74
https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html
https://nvd.nist.gov/vuln/detail/CVE-2018-19788
https://security.gentoo.org/glsa/201908-14
https://security.netapp.com/advisory/ntap-20240816-0001/
https://usn.ubuntu.com/3861-1/
https://usn.ubuntu.com/3861-2/
https://www.cve.org/CVERecord?id=CVE-2018-19788
https://www.debian.org/security/2018/dsa-4350

History

Thu, 29 Aug 2024 20:30:00 +0000

Type	Values Removed	Values Added
References		https://security.netapp.com/advisory/ntap-20240816-0001/

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2018-12-03T06:00:00

Updated: 2024-08-29T15:55:31.505Z

Reserved: 2018-12-02T00:00:00

Link: CVE-2018-19788

Vulnrichment

Updated: 2024-08-16T17:02:35.601Z

NVD

Status : Modified

Published: 2018-12-03T06:29:00.243

Modified: 2019-08-06T17:15:34.397

Link: CVE-2018-19788

Redhat

Severity : Moderate

Publid Date: 2018-12-03T00:00:00Z

Links: CVE-2018-19788 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object