CVE-2015-4625

Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
VendorProductVersion
opensuseopensuse
13.1
opensuseopensuse
13.2
polkit_projectpolkit
𝑥
≤ 0.112
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
policykit-1
bullseye (security)
0.105-31+deb11u1
fixed
bullseye
0.105-31+deb11u1
fixed
wheezy
no-dsa
squeeze
no-dsa
bookworm
122-3
fixed
sid
125-2
fixed
trixie
125-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
policykit-1
hirsute
Fixed 0.105-11ubuntu1
released
groovy
Fixed 0.105-11ubuntu1
released
focal
Fixed 0.105-11ubuntu1
released
eoan
Fixed 0.105-11ubuntu1
released
disco
Fixed 0.105-11ubuntu1
released
cosmic
Fixed 0.105-11ubuntu1
released
bionic
Fixed 0.105-11ubuntu1
released
artful
Fixed 0.105-11ubuntu1
released
zesty
Fixed 0.105-11ubuntu1
released
yakkety
Fixed 0.105-11ubuntu1
released
xenial
Fixed 0.105-11ubuntu1
released
wily
Fixed 0.105-11ubuntu1
released
vivid
ignored
utopic
ignored
trusty
Fixed 0.105-4ubuntu3.14.04.2
released
precise
ignored
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html
http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html
http://lists.freedesktop.org/archives/polkit-devel/2015-June/000427.html
http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html
http://www.openwall.com/lists/oss-security/2015/06/08/3
http://www.openwall.com/lists/oss-security/2015/06/09/1
http://www.openwall.com/lists/oss-security/2015/06/16/21
http://www.securityfocus.com/bid/75267
http://www.securitytracker.com/id/1035023
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html
http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html
http://lists.freedesktop.org/archives/polkit-devel/2015-June/000427.html
http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html
http://www.openwall.com/lists/oss-security/2015/06/08/3
http://www.openwall.com/lists/oss-security/2015/06/09/1
http://www.openwall.com/lists/oss-security/2015/06/16/21
http://www.securityfocus.com/bid/75267
http://www.securitytracker.com/id/1035023