Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE Request: PolicyKit change allows users in "wheel" group to become root without a password
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 27 Mar 2012 22:06:59 -0600

On 03/27/2012 08:45 PM, Tim Sammut wrote:

Please assign a CVE to this issue.

An intended change in PolicyKit [1] version 0.103 [2] allows users
of the "wheel" group to become root without providing the root
password. While this was intentional, we believe it presents a
security concern for our users [3].


http://www.mail-archive.com/polkit-devel () lists freedesktop org/msg00327.html

[3] https://bugs.gentoo.org/show_bug.cgi?id=401513


[5] https://launchpad.net/ubuntu/+source/policykit-1/0.103-1

thank you tim

Please use CVE-2011-4945 for this issue (link #4 is from 2011).

Kurt Seifried Red Hat Security Response Team (SRT)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]