CVE-2018-19788

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-19788

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19788.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-19788

Related

Published

2018-12-03T06:29:00Z

Modified

2024-10-28T23:48:19.019391Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

References

Affected packages

Alpine:v3.6 / polkit

Package

Name: polkit
Purl: pkg:apk/alpine/polkit?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.105-r8

Affected versions

0.*

0.96-r0

0.96-r2

0.98-r0

0.99-r0

0.100-r0

0.101-r0

0.101-r1

0.101-r2

0.102-r0

0.103-r0

0.103-r1

0.105-r0

0.105-r1

0.105-r2

0.105-r3

0.105-r4

0.105-r5

0.105-r6

0.105-r7

Alpine:v3.7 / polkit

Package

Name: polkit
Purl: pkg:apk/alpine/polkit?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.105-r8

Affected versions

0.*

0.96-r0

0.96-r2

0.98-r0

0.99-r0

0.100-r0

0.101-r0

0.101-r1

0.101-r2

0.102-r0

0.103-r0

0.103-r1

0.105-r0

0.105-r1

0.105-r2

0.105-r3

0.105-r4

0.105-r5

0.105-r6

0.105-r7

Alpine:v3.8 / polkit

Package

Name: polkit
Purl: pkg:apk/alpine/polkit?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.105-r9

Affected versions

0.*

0.96-r0

0.96-r2

0.98-r0

0.99-r0

0.100-r0

0.101-r0

0.101-r1

0.101-r2

0.102-r0

0.103-r0

0.103-r1

0.105-r0

0.105-r1

0.105-r2

0.105-r3

0.105-r4

0.105-r5

0.105-r6

0.105-r7

0.105-r8

Alpine:v3.9 / polkit

Package

Name: polkit
Purl: pkg:apk/alpine/polkit?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.105-r9

Affected versions

0.*

0.96-r0

0.96-r2

0.98-r0

0.99-r0

0.100-r0

0.101-r0

0.101-r1

0.101-r2

0.102-r0

0.103-r0

0.103-r1

0.105-r0

0.105-r1

0.105-r2

0.105-r3

0.105-r4

0.105-r5

0.105-r6

0.105-r7

0.105-r8

Debian:11 / policykit-1

Package

Name: policykit-1
Purl: pkg:deb/debian/policykit-1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.105-23

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / policykit-1

Package

Name: policykit-1
Purl: pkg:deb/debian/policykit-1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.105-23

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / policykit-1

Package

Name: policykit-1
Purl: pkg:deb/debian/policykit-1?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.105-23

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / gitlab.freedesktop.org/polkit/polkit

Affected ranges

Type: GIT
Repo: https://gitlab.freedesktop.org/polkit/polkit
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

b0a5d0f1a5b835819da630a6d27ed89dd4d7f464

Affected versions

0.*

0.100

0.101

0.102

0.103

0.104

0.105

0.106

0.107

0.108

0.109

0.110

0.111

0.112

0.113

0.114

0.115

0.91

0.92

0.93

0.94

0.95

0.96

0.97

0.98

0.99

Other

POLICY_KIT_0_3

POLICY_KIT_0_4

POLICY_KIT_0_5

POLICY_KIT_0_6

POLICY_KIT_0_7

POLICY_KIT_0_8

POLICY_KIT_0_9

start