CVE-2015-4625

NameCVE-2015-4625
DescriptionInteger overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: local)
Debian Bugs796134

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
policykit-1 (PTS)wheezy0.105-3vulnerable
jessie0.105-15~deb8u2fixed
buster, sid, stretch0.105-18fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
policykit-1source(unstable)0.105-12low796134
policykit-1sourceexperimental0.113-1medium
policykit-1sourcejessie0.105-15~deb8u1medium

Notes

[wheezy] - policykit-1 <no-dsa> (Minor issue)
[squeeze] - policykit-1 <no-dsa> (Minor issue)
http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html
http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
https://bugs.freedesktop.org/show_bug.cgi?id=90837
https://bugs.freedesktop.org/show_bug.cgi?id=90832
http://www.openwall.com/lists/oss-security/2015/06/08/3
http://cgit.freedesktop.org/polkit/commit/?id=ea544ffc18405237ccd95d28d7f45afef49aca17
http://cgit.freedesktop.org/polkit/commit/?id=493aa5dc1d278ab9097110c1262f5229bbaf1766
http://cgit.freedesktop.org/polkit/commit/?id=fb5076b7c05d01a532d593a4079a29cf2d63a228

Search for package or bug name: Reporting problems