CVE-2015-3255

2015-10-2619:59:02

Debian Security Bug Tracker

security-tracker.debian.org

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.1%

JSON

The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.

OSVersionArchitecturePackageVersionFilename
Debian12allpolicykit-1< 0.105-12policykit-1_0.105-12_all.deb
Debian11allpolicykit-1< 0.105-12policykit-1_0.105-12_all.deb
Debian999allpolicykit-1< 0.105-12policykit-1_0.105-12_all.deb
Debian13allpolicykit-1< 0.105-12policykit-1_0.105-12_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	policykit-1	< 0.105-12	policykit-1_0.105-12_all.deb
Debian	11	all	policykit-1	< 0.105-12	policykit-1_0.105-12_all.deb
Debian	999	all	policykit-1	< 0.105-12	policykit-1_0.105-12_all.deb
Debian	13	all	policykit-1	< 0.105-12	policykit-1_0.105-12_all.deb