CVE-2011-1485 : Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privil

Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.

Published 2011-05-31 20:55:02

Updated 2012-12-19 04:39:07

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2011-1485

Probability of exploitation activity in the next 30 days: 0.07%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 27 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2011-1485

Linux PolicyKit Race Condition Privilege Escalation

Disclosure Date: 2011-04-01

First seen: 2020-04-26

exploit/linux/local/pkexec

A race condition flaw was found in the PolicyKit pkexec utility and polkitd daemon. A local user could use this flaw to appear as a privileged user to pkexec, allowing them to execute arbitrary commands as root by running those commands with pkexec. Those vu

More information

CVSS scores for CVE-2011-1485

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C	3.4	10.0	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2011-1485

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-1485

http://securityreason.com/securityalert/8424

PolicyKit Pwnage linux local privilege escalation on polkit-1 <= 0.101 - CXSecurity.com
http://www.redhat.com/support/errata/RHSA-2011-0455.html

Support
http://security.gentoo.org/glsa/glsa-201204-06.xml

PolicyKit: Multiple vulnerabilities (GLSA 201204-06) — Gentoo security

CVEs referencing this url
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059859.html

[SECURITY] Fedora 14 Update: polkit-0.98-5.fc14
Patch
https://bugzilla.redhat.com/show_bug.cgi?id=692922

692922 – (CVE-2011-1485) CVE-2011-1485 polkitd/pkexec vulnerability
Patch
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058752.html

[SECURITY] Fedora 15 Update: polkit-0.101-5.fc15
Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2011:086

mandriva.com
http://www.debian.org/security/2011/dsa-2319

Debian -- Security Information -- DSA-2319-1 policykit-1
http://www.ubuntu.com/usn/USN-1117-1

USN-1117-1: PolicyKit vulnerability | Ubuntu security notices

Products affected by CVE-2011-1485

Redhat » Policykit » Version: 0.96
cpe:2.3:a:redhat:policykit:0.96:*:*:*:*:*:*:*
Matching versions