QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2019-6133

Back to search

CVE-2019-6133

Published: Jan 11, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.

VendorProductVersions

n/a

n/a

affected
n/a

References

USN-3903-2
vendor-advisory
x_refsource_UBUNTU
RHSA-2019:0230
vendor-advisory
x_refsource_REDHAT
USN-3910-1
vendor-advisory
x_refsource_UBUNTU
USN-3901-2
vendor-advisory
x_refsource_UBUNTU
USN-3910-2
vendor-advisory
x_refsource_UBUNTU
RHSA-2019:0420
vendor-advisory
x_refsource_REDHAT
USN-3908-2
vendor-advisory
x_refsource_UBUNTU
USN-3901-1
vendor-advisory
x_refsource_UBUNTU
USN-3903-1
vendor-advisory
x_refsource_UBUNTU
106537
vdb-entry
x_refsource_BID
USN-3908-1
vendor-advisory
x_refsource_UBUNTU
USN-3934-1
vendor-advisory
x_refsource_UBUNTU
RHSA-2019:0832
vendor-advisory
x_refsource_REDHAT
openSUSE-SU-2019:1914
vendor-advisory
x_refsource_SUSE
USN-3934-2
vendor-advisory
x_refsource_UBUNTU
RHSA-2019:2699
vendor-advisory
x_refsource_REDHAT
RHSA-2019:2978
vendor-advisory
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now