In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-01-11T14:00:00

Updated: 2024-08-04T20:16:23.781Z

Reserved: 2019-01-11T00:00:00

Link: CVE-2019-6133

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-01-11T14:29:00.390

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-6133

cve-icon Redhat

Severity : Important

Publid Date: 2019-01-09T00:00:00Z

Links: CVE-2019-6133 - Bugzilla