
Ubuntu 10.10, 10.04 LTS, 9.10: USN-1117-1 Moderate PolicyKit Exploitation

Local users could gain root access by using the pkexec tool in PolicyKit.
=========================================================================
Ubuntu Security Notice USN-1117-1
April 19, 2011

policykit-1 vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 9.10

Summary:

Local users could gain root access by using the pkexec tool in PolicyKit.

Software Description:
- policykit-1: framework for managing administrative policies and privileges

Details:

Neel Mehta discovered that PolicyKit did not correctly verify the user
making authorization requests. A local attacker could exploit this to
trick pkexec into running applications with root privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.10:
  libpolkit-backend-1-0           0.96-2ubuntu1.1

Ubuntu 10.04 LTS:
  libpolkit-backend-1-0           0.96-2ubuntu0.1

Ubuntu 9.10:
  libpolkit-backend-1-0           0.94-1ubuntu1.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
  CVE-2011-1485

Package Information:
  https://launchpad.net/ubuntu/+source/policykit-1/0.96-2ubuntu1.1
  https://launchpad.net/ubuntu/+source/policykit-1/0.96-2ubuntu0.1
  https://launchpad.net/ubuntu/+source/policykit-1/0.94-1ubuntu1.1

Severity: important
