CVE-2018-19788

Published: 03 December 2018

A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
policykit-1
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 18.04 LTS (Bionic Beaver)
Released (0.105-20ubuntu0.18.04.4)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (0.105-14.1ubuntu0.4)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (0.105-4ubuntu3.14.04.5)
Patches:
Upstream: https://gitlab.freedesktop.org/polkit/polkit/commit/2cb40c4d5feeaa09325522bd7d97910f1b59e379
Upstream: https://gitlab.freedesktop.org/polkit/polkit/commit/b534a10727455409acd54018a9c91000e7626126