Home page logo

oss-sec logo oss-sec mailing list archives

CVE Request: PolicyKit change allows users in "wheel" group to become root without a password
From: Tim Sammut <underling () gentoo org>
Date: Tue, 27 Mar 2012 19:45:09 -0700


Please assign a CVE to this issue.

An intended change in PolicyKit [1] version 0.103 [2] allows users of
the "wheel" group to become root without providing the root password.
While this was intentional, we believe it presents a security concern
for our users [3].

http://www.mail-archive.com/polkit-devel () lists freedesktop org/msg00327.html
[3] https://bugs.gentoo.org/show_bug.cgi?id=401513

[5] https://launchpad.net/ubuntu/+source/policykit-1/0.103-1

thank you

Tim Sammut ~ Gentoo Security Team
underling () gentoo org ~ C2375493

Attachment: signature.asc
Description: OpenPGP digital signature

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]