Rapid7 Vulnerability & Exploit Database

RHSA-2011:0455: polkit security update

Severity: 7
CVSS: (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Published: 05/31/2011
Created: 07/25/2018
Added: 05/31/2011
Modified: 07/04/2017

Description

PolicyKit is a toolkit for defining and handling authorizations.

A race condition flaw was found in the PolicyKit pkexec utility and polkitd daemon. A local user could use this flaw to appear as a privileged user to pkexec, allowing them to execute arbitrary commands as root by running those commands with pkexec. (CVE-2011-1485)

Red Hat would like to thank Neel Mehta of Google for reporting this issue.

All polkit users should upgrade to these updated packages, which contain backported patches to correct this issue. The system must be rebooted for this update to take effect.

Solution(s)

  • redhat-upgrade-polkit
  • redhat-upgrade-polkit-debuginfo
  • redhat-upgrade-polkit-desktop-policy
  • redhat-upgrade-polkit-devel
  • redhat-upgrade-polkit-docs
