CVE-2015-3255

EUVD-2015-3308
The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
polkit_projectpolkit
𝑥
≤ 0.112
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
policykit-1
bookworm
122-3
fixed
bullseye
0.105-31+deb11u1
fixed
bullseye (security)
0.105-31+deb11u1
fixed
sid
125-2
fixed
squeeze
no-dsa
trixie
125-2
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
policykit-1
artful
Fixed 0.105-11ubuntu1
released
bionic
Fixed 0.105-11ubuntu1
released
precise
ignored
trusty
Fixed 0.105-4ubuntu3.14.04.2
released
vivid
ignored
wily
Fixed 0.105-11ubuntu1
released
xenial
Fixed 0.105-11ubuntu1
released
yakkety
Fixed 0.105-11ubuntu1
released
zesty
Fixed 0.105-11ubuntu1
released
Common Weakness Enumeration
References
http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html
http://www.securitytracker.com/id/1035023
https://bugs.freedesktop.org/show_bug.cgi?id=83590
https://bugzilla.redhat.com/show_bug.cgi?id=1245673
https://security.gentoo.org/glsa/201611-07
https://usn.ubuntu.com/3717-2/
http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html
http://www.securitytracker.com/id/1035023
https://bugs.freedesktop.org/show_bug.cgi?id=83590
https://bugzilla.redhat.com/show_bug.cgi?id=1245673
https://security.gentoo.org/glsa/201611-07
https://usn.ubuntu.com/3717-2/