CVE-2011-1485

Related Files

Linux PolicyKit Race Condition Privilege Escalation

Posted Oct 18, 2014

Authored by xi4oyu, 0a29406d9794e4f9b30b3c5d6702c708

A race condition flaw was found in the PolicyKit pkexec utility and polkitd daemon. A local user could use this flaw to appear as a privileged user to pkexec, allowing them to execute arbitrary commands as root by running those commands with pkexec. Those vulnerable include RHEL6 prior to polkit-0.96-2.el6_0.1 and Ubuntu libpolkit-backend-1 prior to 0.96-2ubuntu1.1 (10.10) 0.96-2ubuntu0.1 (10.04 LTS) and 0.94-1ubuntu1.1 (9.10).

tags | exploit, arbitrary, local, root

systems | linux, ubuntu

advisories | CVE-2011-1485

SHA-256 | 44c67bccd61b94ba8480766e3dc865358c7d2a64baf47923660508bc28f920c4

Download | Favorite | View

Gentoo Linux Security Advisory 201204-06

Posted Apr 18, 2012

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201204-6 - Multiple vulnerabilities have been found in PolicyKit, the worst of which may allow a local attacker to gain root privileges. Versions less than 0.104-r1 are affected.

tags | advisory, local, root, vulnerability

systems | linux, gentoo

advisories | CVE-2010-0750, CVE-2011-1485, CVE-2011-4945

SHA-256 | 93ec59cdcfdba7ed45654ae2b831916e2ac8a536165e68aeba2de09b35d935c7

Download | Favorite | View

Debian Security Advisory 2319-1

Posted Oct 9, 2011

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2319-1 - Neel Mehta discovered that a race condition in Policykit, a framework for managing administrative policies and privileges, allowed local users to elevate privileges by executing a setuid program from pkexec.

tags | advisory, local

systems | linux, debian

advisories | CVE-2011-1485

SHA-256 | fd9a38d6c26c6af336b66aff12b64ff3d28387145ad04a80f05937983c95217a

Download | Favorite | View

pkexec Race Condition

Posted Oct 9, 2011

Authored by xi4oyu

pkexec race condition privilege escalation exploit.

tags | exploit

advisories | CVE-2011-1485

SHA-256 | 055dfe828e2174149cd6a6f47e2e9872df8b0c0a1d7903ed1d201259fe0bf81c

Download | Favorite | View

Linux pkexec / polkitd 0.96 Race Condition

Posted Oct 9, 2011

Authored by Ev1lut10n

Linux pkexec and polkitd 0.96 race condition privilege escalation exploit.

tags | exploit

systems | linux

advisories | CVE-2011-1485

SHA-256 | 65e120e540ab20fac7e8b0111a9b4dad151dd6197d642faf241f59ca37a33f28

Download | Favorite | View

PolicyKit 0.101 Privilege Escalation

Posted Oct 5, 2011

Authored by zx2c4

PolicyKit versions 0.101 and below local privilege escalation exploit.

tags | exploit, local

advisories | CVE-2011-1485

SHA-256 | 8e1577823139cfa501ce0535ad03ba8172e54feaed9443aab35fb42423be384b

Download | Favorite | View

Mandriva Linux Security Advisory 2011-086

Posted May 16, 2011

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-086 - A race condition flaw was found in the PolicyKit pkexec utility and polkitd daemon. A local user could use this flaw to appear as a privileged user to pkexec, allowing them to execute arbitrary commands as root by running those commands with pkexec. The updated packages have been patched to correct this issue.

tags | advisory, arbitrary, local, root

systems | linux, mandriva

advisories | CVE-2011-1485

SHA-256 | 4d1378d24d238c4a412b7901ca0ad28b94cd0c13aeb47449cf04e14e9c9fa2d1

Download | Favorite | View

Ubuntu Security Notice USN-1117-1

Posted Apr 20, 2011

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1117-1 - Neel Mehta discovered that PolicyKit did not correctly verify the user making authorization requests. A local attacker could exploit this to trick pkexec into running applications with root privileges.

tags | advisory, local, root

systems | linux, ubuntu

advisories | CVE-2011-1485

SHA-256 | 4c6944cfa8da3fb2362a0b9f983fa2667e828c17e438aa809577c054cc336f17

Download | Favorite | View