Lucene search

PRIOn knowledge basePRION:CVE-2018-19788

HistoryDec 03, 2018 - 6:29 a.m.

Command injection

2018-12-0306:29:00

PRIOn knowledge base

www.prio-n.com

8.4 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.5%

JSON

A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

CPENameOperatorVersion
ubuntu_linuxeq16.04
ubuntu_linuxeq14.04
ubuntu_linuxeq12.04
ubuntu_linuxeq18.04
ubuntu_linuxeq18.10
debian_linuxeq8.0
debian_linuxeq9.0
polkiteq0.115

Name	Operator	Version
ubuntu_linux	eq	16.04
ubuntu_linux	eq	14.04
ubuntu_linux	eq	12.04
ubuntu_linux	eq	18.04
ubuntu_linux	eq	18.10
debian_linux	eq	8.0
debian_linux	eq	9.0
polkit	eq	0.115

References

access.redhat.com/errata/RHSA-2019:2046

access.redhat.com/errata/RHSA-2019:3232

bugs.debian.org/915332

gitlab.freedesktop.org/polkit/polkit/issues/74

lists.debian.org/debian-lts-announce/2019/01/msg00021.html

security.gentoo.org/glsa/201908-14

usn.ubuntu.com/3861-1/

usn.ubuntu.com/3861-2/

www.debian.org/security/2018/dsa-4350