CVE-2015-4625

Published: 26 October 2015

Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.

Priority

Status

Package	Release	Status
policykit-1 Launchpad, Ubuntu, Debian	artful	Released (0.105-11ubuntu1)
	bionic	Released (0.105-11ubuntu1)
	cosmic	Released (0.105-11ubuntu1)
	disco	Released (0.105-11ubuntu1)
	eoan	Released (0.105-11ubuntu1)
	focal	Released (0.105-11ubuntu1)
	groovy	Released (0.105-11ubuntu1)
	hirsute	Released (0.105-11ubuntu1)
	precise	Ignored (end of ESM support, was needed)
	trusty	Released (0.105-4ubuntu3.14.04.2)
	upstream	Needs triage
	utopic	Ignored (reached end-of-life)
	vivid	Ignored (reached end-of-life)
	wily	Released (0.105-11ubuntu1)
	xenial	Released (0.105-11ubuntu1)
	yakkety	Released (0.105-11ubuntu1)
	zesty	Released (0.105-11ubuntu1)

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›