vulnerability

Red Hat: CVE-2019-6133: Important: polkit security update (Multiple Advisories)

Name: Red Hat: CVE-2019-6133: Important: polkit security update (Multiple Advisories)
Creator: Red Hat
Published: 2019-01-11T00:00:00.000Z
Keywords: CVE, Red Hat, 2019, 6133, Important, redhat-upgrade-polkit, redhat-upgrade-polkit-debuginfo, redhat-upgrade-polkit-desktop-policy, redhat-upgrade-polkit-devel, redhat-upgrade-polkit-docs, Severity 6

Try Surface Command

Back to search

Severity

CVSS

(AV:L/AC:H/Au:S/C:C/I:C/A:C)

Published

Jan 11, 2019

Added

Feb 1, 2019

Modified

Jan 28, 2025

Description

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.

Solutions

redhat-upgrade-polkitredhat-upgrade-polkit-debuginforedhat-upgrade-polkit-desktop-policyredhat-upgrade-polkit-develredhat-upgrade-polkit-docs

References

BID-106537
NVD-CVE-2019-6133
REDHAT-RHSA-2019:0230
REDHAT-RHSA-2019:0420
REDHAT-RHSA-2019:0832
REDHAT-RHSA-2019:2699
REDHAT-RHSA-2019:2978

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report