CVE-2011-4945

PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
michael_bieblpolicykit
0.103
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
policykit-1
bullseye (security)
0.105-31+deb11u1
fixed
bullseye
0.105-31+deb11u1
fixed
squeeze
not-affected
bookworm
122-3
fixed
sid
125-2
fixed
trixie
125-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
policykit
oneiric
dne
natty
dne
maverick
dne
lucid
not-affected
hardy
ignored
policykit-1
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
hardy
dne
Common Weakness Enumeration
References
http://cgit.freedesktop.org/PolicyKit/commit/?id=763faf434b445c20ae9529100d3ef5290976d0c9
http://patch-tracker.debian.org/patch/series/view/policykit-1/0.104-2/05_revert-admin-identities-unix-group-wheel.patch
http://secunia.com/advisories/48817
http://security.gentoo.org/glsa/glsa-201204-06.xml
http://www.mail-archive.com/polkit-devel%40lists.freedesktop.org/msg00327.html
http://www.openwall.com/lists/oss-security/2012/03/28/1
http://www.openwall.com/lists/oss-security/2012/03/28/2
https://bugs.gentoo.org/show_bug.cgi?id=401513
https://launchpad.net/ubuntu/+source/policykit-1/0.103-1
http://cgit.freedesktop.org/PolicyKit/commit/?id=763faf434b445c20ae9529100d3ef5290976d0c9
http://patch-tracker.debian.org/patch/series/view/policykit-1/0.104-2/05_revert-admin-identities-unix-group-wheel.patch
http://secunia.com/advisories/48817
http://security.gentoo.org/glsa/glsa-201204-06.xml
http://www.mail-archive.com/polkit-devel%40lists.freedesktop.org/msg00327.html
http://www.openwall.com/lists/oss-security/2012/03/28/1
http://www.openwall.com/lists/oss-security/2012/03/28/2
https://bugs.gentoo.org/show_bug.cgi?id=401513
https://launchpad.net/ubuntu/+source/policykit-1/0.103-1