FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2015-4625

This CVE name corresponds to:

Entered Topic
2016-01-08 polkit -- multiple vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2015-4625
Phase Assigned (20150616)

Description

Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.

References

Source Reference
MLIST [oss-security] 20150608 CVE request for polkit
MLIST [oss-security] 20150609 Re: CVE request for polkit
MLIST [oss-security] 20150616 Re: CVE request for polkit
MLIST [polkit-devel] 20150529 Agent Authentication Question
MLIST [polkit-devel] 20150603 Agent Authentication Question
MLIST [polkit-devel] 20150702 polkit-0.113 released
FEDORA FEDORA-2015-11058
FEDORA FEDORA-2015-11743
SUSE openSUSE-SU-2015:1734
BID 75267