CVE-2018-8885

Published: 26 March 2018

screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService._check_permission call.

Priority

Medium

CVSS 3 base score: 7.0

Status

Package: screen-resolution-extra (Launchpad, Ubuntu, Debian)

Release                            Status
Upstream                           Needs triage
Ubuntu 16.04 ESM (Xenial Xerus)    Released (0.17.1.1~16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr)     Does not exist (trusty was released [0.17.1.1~14.04.1])