In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-01-11T14:00:00
Updated: 2024-08-04T20:16:23.781Z
Reserved: 2019-01-11T00:00:00
Link: CVE-2019-6133
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-01-11T14:29:00.390
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-6133
Redhat