CVE-2019-6133

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-6133
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6133.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-6133
Related
Published
2019-01-11T14:29:00Z
Modified
2024-09-18T03:05:13.524442Z
Severity
  • 6.7 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.

References

Affected packages

Alpine:v3.7 / polkit

Package

Name
polkit
Purl
pkg:apk/alpine/polkit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.105-r10

Affected versions

0.*

0.96-r0
0.96-r2
0.98-r0
0.99-r0
0.100-r0
0.101-r0
0.101-r1
0.101-r2
0.102-r0
0.103-r0
0.103-r1
0.105-r0
0.105-r1
0.105-r2
0.105-r3
0.105-r4
0.105-r5
0.105-r6
0.105-r7
0.105-r8
0.105-r9

Alpine:v3.8 / polkit

Package

Name
polkit
Purl
pkg:apk/alpine/polkit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.105-r11

Affected versions

0.*

0.96-r0
0.96-r2
0.98-r0
0.99-r0
0.100-r0
0.101-r0
0.101-r1
0.101-r2
0.102-r0
0.103-r0
0.103-r1
0.105-r0
0.105-r1
0.105-r2
0.105-r3
0.105-r4
0.105-r5
0.105-r6
0.105-r7
0.105-r8
0.105-r9
0.105-r10

Alpine:v3.9 / polkit

Package

Name
polkit
Purl
pkg:apk/alpine/polkit?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.105-r11

Affected versions

0.*

0.96-r0
0.96-r2
0.98-r0
0.99-r0
0.100-r0
0.101-r0
0.101-r1
0.101-r2
0.102-r0
0.103-r0
0.103-r1
0.105-r0
0.105-r1
0.105-r2
0.105-r3
0.105-r4
0.105-r5
0.105-r6
0.105-r7
0.105-r8
0.105-r9
0.105-r10

Debian:11 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.19.16-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.19.16-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name
linux
Purl
pkg:deb/debian/linux?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.19.16-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / policykit-1

Package

Name
policykit-1
Purl
pkg:deb/debian/policykit-1?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.105-25

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / policykit-1

Package

Name
policykit-1
Purl
pkg:deb/debian/policykit-1?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.105-25

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / policykit-1

Package

Name
policykit-1
Purl
pkg:deb/debian/policykit-1?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.105-25

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / gitlab.freedesktop.org/polkit/polkit

Affected ranges

Type
GIT
Repo
https://gitlab.freedesktop.org/polkit/polkit
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.100
0.101
0.102
0.103
0.104
0.105
0.106
0.107
0.108
0.109
0.110
0.111
0.112
0.113
0.114
0.115
0.91
0.92
0.93
0.94
0.95
0.96
0.97
0.98
0.99

Other

POLICY_KIT_0_3
POLICY_KIT_0_4
POLICY_KIT_0_5
POLICY_KIT_0_6
POLICY_KIT_0_7
POLICY_KIT_0_8
POLICY_KIT_0_9
start