
CVSS: 6.9 | EPSS: 0% | CPEs: 1 | EXPL: 4

Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID. A race condition flaw was found in the PolicyKit pkexec utility and polkitd daemon.

•
https://www.exploit-db.com/exploits/35021
https://www.exploit-db.com/exploits/17942
https://www.exploit-db.com/exploits/17932
https://github.com/Pashkela/CVE-2011-1485
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058752.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059859.html
http://secunia.com/advisories/48817
http://security.gentoo.org/glsa/glsa-201204-06.xml
http://securityreason.com/securityalert/8424
http://www.debian.org/sec

• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSS: 2.1 | EPSS: 0% | CPEs: 1 | EXPL: 3

pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users to determine the existence of arbitrary files via the argument.

•
http://bugs.freedesktop.org/show_bug.cgi?id=26982
http://cgit.freedesktop.org/PolicyKit/commit/?id=14bdfd816512a82b1ad258fa143ae5faa945df8a
http://marc.info/?l=oss-security&m=127014095301235&w=2
http://marc.info/?l=oss-security&m=127014999113790&w=2
http://secunia.com/advisories/39149
http://secunia.com/advisories/48817
http://security.gentoo.org/glsa/glsa-201204-06.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/57543
https://launchpad.net/bugs/532852

• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor