CVE-2018-19788

Name
CVE-2018-19788
Description
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Exploit https://gitlab.freedesktop.org/polkit/polkit/issues/74
Issue Tracking https://bugs.debian.org/915332
Third Party Advisory https://www.debian.org/security/2018/dsa-4350
Third Party Advisory https://usn.ubuntu.com/3861-2/
Third Party Advisory https://usn.ubuntu.com/3861-1/
Third Party Advisory https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html
REDHAT https://access.redhat.com/errata/RHSA-2019:2046
GENTOO https://security.gentoo.org/glsa/201908-14
REDHAT https://access.redhat.com/errata/RHSA-2019:3232

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:polkit_project:polkit:0.115:*:*:*:*:*:*:* polkit == None == 0.115

Vulnerable and fixed packages

Source package Branch Version Maintainer Status