Vulnerability-Lookup

BDU:2019-01338

Vulnerability from fstec - Published: 08.01.2019

Title

Уязвимость библиотеки Polkit операционных систем Linux, позволяющая нарушителю выполнить произвольные команды

Description

Уязвимость библиотеки Polkit операционных систем Linux связана с недостатками контроля доступа. Эксплуатация уязвимости может позволить нарушителю выполнить произвольные команды

Severity ?


                    
                      AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Vendor

Red Hat Inc., Canonical Ltd., Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Novell Inc.

Software Name

Red Hat Enterprise Linux, Ubuntu, Polkit, Astra Linux Common Edition (запись в едином реестре российских программ №4433), OpenSUSE Leap, Debian GNU/Linux, Linux

Software Version

Desktop 6 (Red Hat Enterprise Linux), Workstation 6 (Red Hat Enterprise Linux), Desktop 7 (Red Hat Enterprise Linux), Workstation 7 (Red Hat Enterprise Linux), 14.04 LTS (Ubuntu), 16.04 LTS (Ubuntu), 18.04 LTS (Ubuntu), 18.10 (Ubuntu), Server 6.0 (Red Hat Enterprise Linux), 0.115 (Polkit), 12.04 ESM (Ubuntu), Server 7.0 (Red Hat Enterprise Linux), Server 7.6 (Red Hat Enterprise Linux), Server AUS 7.6 (Red Hat Enterprise Linux), Server EUS 7.6 (Red Hat Enterprise Linux), Server TUS 7.6 (Red Hat Enterprise Linux), 2.12 «Орёл» (Astra Linux Common Edition), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 15.2 (OpenSUSE Leap), от 4.0 до 4.4.169 включительно (Linux), от 4.5 до 4.9.149 включительно (Linux), от 4.10 до 4.14.92 включительно (Linux), от 4.15 до 4.19.14 включительно (Linux), от 4.20.0 до 4.20.1 включительно (Linux)

Possible Mitigations

Использование рекомендаций Для Polkit: https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81 https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19 Для Linux: https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.93 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.15 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.2 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.170 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.150 Для Debian: Обновление программного обеспечения (пакета linux) до 4.19.152-1 или более поздней версии Для Astra Linux: Обновление программного обеспечения (пакета linux) до 4.19.152-1 или более поздней версии Для Ubuntu: https://usn.ubuntu.com/3901-1/ https://usn.ubuntu.com/3901-2/ https://usn.ubuntu.com/3903-1/ https://usn.ubuntu.com/3903-2/ https://usn.ubuntu.com/3908-1/ https://usn.ubuntu.com/3908-2/ https://usn.ubuntu.com/3910-1/ https://usn.ubuntu.com/3910-2/ https://usn.ubuntu.com/3934-1/ https://usn.ubuntu.com/3934-2/ Для программных продуктов Red Hat Inc.: https://access.redhat.com/errata/RHSA-2019:0230 https://access.redhat.com/errata/RHSA-2019:0420 https://access.redhat.com/errata/RHSA-2019:0832 https://access.redhat.com/errata/RHSA-2019:2699 https://access.redhat.com/errata/RHSA-2019:2978 Для программных продуктов Novell Inc.: https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html

Reference

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918985 http://www.securityfocus.com/bid/106537 https://access.redhat.com/errata/RHSA-2019:0230 https://access.redhat.com/errata/RHSA-2019:0420 https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6133 https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81 https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.93 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.15 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.2 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.170 https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.150 https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html https://support.f5.com/csp/article/K22715344 https://ubuntu.com/security/notices/USN-3901-1 https://ubuntu.com/security/notices/USN-3901-2 https://ubuntu.com/security/notices/USN-3903-1 https://ubuntu.com/security/notices/USN-3903-2 https://ubuntu.com/security/notices/USN-3908-1 https://ubuntu.com/security/notices/USN-3908-2 https://ubuntu.com/security/notices/USN-3910-1 https://ubuntu.com/security/notices/USN-3910-2 https://ubuntu.com/security/notices/USN-3934-1 https://ubuntu.com/security/notices/USN-3934-2 https://usn.ubuntu.com/3901-1/ https://usn.ubuntu.com/3901-2/ https://usn.ubuntu.com/3903-1/ https://usn.ubuntu.com/3903-2/ https://usn.ubuntu.com/3908-1/ https://usn.ubuntu.com/3908-2/ https://usn.ubuntu.com/3910-1/ https://usn.ubuntu.com/3910-2/ https://usn.ubuntu.com/3934-1/ https://usn.ubuntu.com/usn/usn-3901-1 https://usn.ubuntu.com/usn/usn-3901-2 https://usn.ubuntu.com/usn/usn-3903-1 https://usn.ubuntu.com/usn/usn-3903-2 https://usn.ubuntu.com/usn/usn-3908-1 https://usn.ubuntu.com/usn/usn-3908-2 https://usn.ubuntu.com/usn/usn-3910-1 https://usn.ubuntu.com/usn/usn-3910-2 https://usn.ubuntu.com/usn/usn-3934-1 https://usn.ubuntu.com/usn/usn-3934-2 https://www.cve.org/CVERecord?id=CVE-2019-6133

CWE

CWE-284, CWE-362

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Novell Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "Desktop 6 (Red Hat Enterprise Linux), Workstation 6 (Red Hat Enterprise Linux), Desktop 7 (Red Hat Enterprise Linux), Workstation 7 (Red Hat Enterprise Linux), 14.04 LTS (Ubuntu), 16.04 LTS (Ubuntu), 18.04 LTS (Ubuntu), 18.10 (Ubuntu), Server 6.0 (Red Hat Enterprise Linux), 0.115 (Polkit), 12.04 ESM (Ubuntu), Server 7.0 (Red Hat Enterprise Linux), Server 7.6 (Red Hat Enterprise Linux), Server AUS 7.6 (Red Hat Enterprise Linux), Server EUS 7.6 (Red Hat Enterprise Linux), Server TUS 7.6 (Red Hat Enterprise Linux), 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (Astra Linux Common Edition), 15.1 (OpenSUSE Leap), 8 (Debian GNU/Linux), 15.2 (OpenSUSE Leap), \u043e\u0442 4.0 \u0434\u043e 4.4.169 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.5 \u0434\u043e 4.9.149 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.10 \u0434\u043e 4.14.92 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.15 \u0434\u043e 4.19.14 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux), \u043e\u0442 4.20.0 \u0434\u043e 4.20.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Linux)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439\n\u0414\u043b\u044f Polkit:\nhttps://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81\nhttps://gitlab.freedesktop.org/polkit/polkit/merge_requests/19\n\n\u0414\u043b\u044f Linux:\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.93\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.15\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.2\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.170\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.150\n\n\u0414\u043b\u044f Debian:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 linux) \u0434\u043e 4.19.152-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 linux) \u0434\u043e 4.19.152-1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Ubuntu:\nhttps://usn.ubuntu.com/3901-1/\nhttps://usn.ubuntu.com/3901-2/\nhttps://usn.ubuntu.com/3903-1/\nhttps://usn.ubuntu.com/3903-2/\nhttps://usn.ubuntu.com/3908-1/\nhttps://usn.ubuntu.com/3908-2/\nhttps://usn.ubuntu.com/3910-1/\nhttps://usn.ubuntu.com/3910-2/\nhttps://usn.ubuntu.com/3934-1/\nhttps://usn.ubuntu.com/3934-2/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/errata/RHSA-2019:0230\nhttps://access.redhat.com/errata/RHSA-2019:0420\nhttps://access.redhat.com/errata/RHSA-2019:0832\nhttps://access.redhat.com/errata/RHSA-2019:2699\nhttps://access.redhat.com/errata/RHSA-2019:2978\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "08.01.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "18.06.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "12.04.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-01338",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-6133",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Ubuntu, Polkit, Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), OpenSUSE Leap, Debian GNU/Linux, Linux",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux Desktop 6 , Red Hat Inc. Red Hat Enterprise Linux Workstation 6 , Red Hat Inc. Red Hat Enterprise Linux Desktop 7 , Red Hat Inc. Red Hat Enterprise Linux Workstation 7 , Canonical Ltd. Ubuntu 14.04 LTS , Canonical Ltd. Ubuntu 16.04 LTS , Canonical Ltd. Ubuntu 18.04 LTS , Canonical Ltd. Ubuntu 18.10 , Red Hat Inc. Red Hat Enterprise Linux Server 6.0 , Canonical Ltd. Ubuntu 12.04 ESM , Red Hat Inc. Red Hat Enterprise Linux Server 7.0 , Red Hat Inc. Red Hat Enterprise Linux Server 7.6 , Red Hat Inc. Red Hat Enterprise Linux Server AUS 7.6 , Red Hat Inc. Red Hat Enterprise Linux Server EUS 7.6 , Red Hat Inc. Red Hat Enterprise Linux Server TUS 7.6 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Novell Inc. OpenSUSE Leap 15.1 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , Novell Inc. OpenSUSE Leap 15.2 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Polkit \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Linux, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284), \u041e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e\u0435 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043e\u0431\u0449\u0435\u0433\u043e \u0440\u0435\u0441\u0443\u0440\u0441\u0430 \u0441 \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u0441\u0438\u043d\u0445\u0440\u043e\u043d\u0438\u0437\u0430\u0446\u0438\u0435\u0439 (\u00ab\u0421\u0438\u0442\u0443\u0430\u0446\u0438\u044f \u0433\u043e\u043d\u043a\u0438\u00bb) (CWE-362)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Polkit \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Linux \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=918985\nhttp://www.securityfocus.com/bid/106537\nhttps://access.redhat.com/errata/RHSA-2019:0230\nhttps://access.redhat.com/errata/RHSA-2019:0420\nhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1692\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6133\nhttps://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf\nhttps://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81\nhttps://gitlab.freedesktop.org/polkit/polkit/merge_requests/19\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.93\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.15\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20.2\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.170\nhttps://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.150\nhttps://lists.debian.org/debian-lts-announce/2019/01/msg00021.html\nhttps://support.f5.com/csp/article/K22715344\nhttps://ubuntu.com/security/notices/USN-3901-1\nhttps://ubuntu.com/security/notices/USN-3901-2\nhttps://ubuntu.com/security/notices/USN-3903-1\nhttps://ubuntu.com/security/notices/USN-3903-2\nhttps://ubuntu.com/security/notices/USN-3908-1\nhttps://ubuntu.com/security/notices/USN-3908-2\nhttps://ubuntu.com/security/notices/USN-3910-1\nhttps://ubuntu.com/security/notices/USN-3910-2\nhttps://ubuntu.com/security/notices/USN-3934-1\nhttps://ubuntu.com/security/notices/USN-3934-2\nhttps://usn.ubuntu.com/3901-1/\nhttps://usn.ubuntu.com/3901-2/\nhttps://usn.ubuntu.com/3903-1/\nhttps://usn.ubuntu.com/3903-2/\nhttps://usn.ubuntu.com/3908-1/\nhttps://usn.ubuntu.com/3908-2/\nhttps://usn.ubuntu.com/3910-1/\nhttps://usn.ubuntu.com/3910-2/\nhttps://usn.ubuntu.com/3934-1/\nhttps://usn.ubuntu.com/usn/usn-3901-1\nhttps://usn.ubuntu.com/usn/usn-3901-2\nhttps://usn.ubuntu.com/usn/usn-3903-1\nhttps://usn.ubuntu.com/usn/usn-3903-2\nhttps://usn.ubuntu.com/usn/usn-3908-1\nhttps://usn.ubuntu.com/usn/usn-3908-2\nhttps://usn.ubuntu.com/usn/usn-3910-1\nhttps://usn.ubuntu.com/usn/usn-3910-2\nhttps://usn.ubuntu.com/usn/usn-3934-1\nhttps://usn.ubuntu.com/usn/usn-3934-2\nhttps://www.cve.org/CVERecord?id=CVE-2019-6133",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-284, CWE-362",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,7)"
}

CVE-2019-6133 (GCVE-0-2019-6133)

Vulnerability from cvelistv5 – Published: 2019-01-11 14:00 – Updated: 2024-08-04 20:16

Summary

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://gitlab.freedesktop.org/polkit/polkit/comm…	x_refsource_MISC
	https://usn.ubuntu.com/3903-2/	vendor-advisoryx_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2019:0230	vendor-advisoryx_refsource_REDHAT
	https://git.kernel.org/linus/7b55851367136b1efd84…	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
	https://usn.ubuntu.com/3910-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/3901-2/	vendor-advisoryx_refsource_UBUNTU
	https://gitlab.freedesktop.org/polkit/polkit/merg…	x_refsource_MISC
	https://bugs.chromium.org/p/project-zero/issues/d…	x_refsource_MISC
	https://usn.ubuntu.com/3910-2/	vendor-advisoryx_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2019:0420	vendor-advisoryx_refsource_REDHAT
	https://usn.ubuntu.com/3908-2/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/3901-1/	vendor-advisoryx_refsource_UBUNTU
	https://usn.ubuntu.com/3903-1/	vendor-advisoryx_refsource_UBUNTU
	http://www.securityfocus.com/bid/106537	vdb-entryx_refsource_BID
	https://usn.ubuntu.com/3908-1/	vendor-advisoryx_refsource_UBUNTU
	https://support.f5.com/csp/article/K22715344	x_refsource_CONFIRM
	https://usn.ubuntu.com/3934-1/	vendor-advisoryx_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2019:0832	vendor-advisoryx_refsource_REDHAT
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2019…	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://usn.ubuntu.com/3934-2/	vendor-advisoryx_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2019:2699	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:2978	vendor-advisoryx_refsource_REDHAT

Date Public ?

2019-01-11 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:16:23.781Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81"
          },
          {
            "name": "USN-3903-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3903-2/"
          },
          {
            "name": "RHSA-2019:0230",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0230"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf"
          },
          {
            "name": "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
          },
          {
            "name": "USN-3910-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3910-1/"
          },
          {
            "name": "USN-3901-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3901-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1692"
          },
          {
            "name": "USN-3910-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3910-2/"
          },
          {
            "name": "RHSA-2019:0420",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0420"
          },
          {
            "name": "USN-3908-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3908-2/"
          },
          {
            "name": "USN-3901-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3901-1/"
          },
          {
            "name": "USN-3903-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3903-1/"
          },
          {
            "name": "106537",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106537"
          },
          {
            "name": "USN-3908-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3908-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K22715344"
          },
          {
            "name": "USN-3934-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3934-1/"
          },
          {
            "name": "RHSA-2019:0832",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0832"
          },
          {
            "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
          },
          {
            "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
          },
          {
            "name": "openSUSE-SU-2019:1914",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html"
          },
          {
            "name": "USN-3934-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3934-2/"
          },
          {
            "name": "RHSA-2019:2699",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2699"
          },
          {
            "name": "RHSA-2019:2978",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2978"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-01-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "In PolicyKit (aka polkit) 0.115, the \"start time\" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-08T12:06:21.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81"
        },
        {
          "name": "USN-3903-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3903-2/"
        },
        {
          "name": "RHSA-2019:0230",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0230"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf"
        },
        {
          "name": "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
        },
        {
          "name": "USN-3910-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3910-1/"
        },
        {
          "name": "USN-3901-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3901-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1692"
        },
        {
          "name": "USN-3910-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3910-2/"
        },
        {
          "name": "RHSA-2019:0420",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0420"
        },
        {
          "name": "USN-3908-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3908-2/"
        },
        {
          "name": "USN-3901-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3901-1/"
        },
        {
          "name": "USN-3903-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3903-1/"
        },
        {
          "name": "106537",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106537"
        },
        {
          "name": "USN-3908-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3908-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K22715344"
        },
        {
          "name": "USN-3934-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3934-1/"
        },
        {
          "name": "RHSA-2019:0832",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0832"
        },
        {
          "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
        },
        {
          "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
        },
        {
          "name": "openSUSE-SU-2019:1914",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html"
        },
        {
          "name": "USN-3934-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3934-2/"
        },
        {
          "name": "RHSA-2019:2699",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2699"
        },
        {
          "name": "RHSA-2019:2978",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2978"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-6133",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In PolicyKit (aka polkit) 0.115, the \"start time\" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81",
              "refsource": "MISC",
              "url": "https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81"
            },
            {
              "name": "USN-3903-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3903-2/"
            },
            {
              "name": "RHSA-2019:0230",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0230"
            },
            {
              "name": "https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf",
              "refsource": "MISC",
              "url": "https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf"
            },
            {
              "name": "[debian-lts-announce] 20190128 [SECURITY] [DLA 1644-1] policykit-1 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html"
            },
            {
              "name": "USN-3910-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3910-1/"
            },
            {
              "name": "USN-3901-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3901-2/"
            },
            {
              "name": "https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19",
              "refsource": "MISC",
              "url": "https://gitlab.freedesktop.org/polkit/polkit/merge_requests/19"
            },
            {
              "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1692",
              "refsource": "MISC",
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1692"
            },
            {
              "name": "USN-3910-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3910-2/"
            },
            {
              "name": "RHSA-2019:0420",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0420"
            },
            {
              "name": "USN-3908-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3908-2/"
            },
            {
              "name": "USN-3901-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3901-1/"
            },
            {
              "name": "USN-3903-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3903-1/"
            },
            {
              "name": "106537",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106537"
            },
            {
              "name": "USN-3908-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3908-1/"
            },
            {
              "name": "https://support.f5.com/csp/article/K22715344",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K22715344"
            },
            {
              "name": "USN-3934-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3934-1/"
            },
            {
              "name": "RHSA-2019:0832",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0832"
            },
            {
              "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html"
            },
            {
              "name": "[debian-lts-announce] 20190528 [SECURITY] [DLA 1799-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html"
            },
            {
              "name": "openSUSE-SU-2019:1914",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html"
            },
            {
              "name": "USN-3934-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3934-2/"
            },
            {
              "name": "RHSA-2019:2699",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2699"
            },
            {
              "name": "RHSA-2019:2978",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2978"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-6133",
    "datePublished": "2019-01-11T14:00:00.000Z",
    "dateReserved": "2019-01-11T00:00:00.000Z",
    "dateUpdated": "2024-08-04T20:16:23.781Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2019-01338

CVE-2019-6133 (GCVE-0-2019-6133)

Tags

Sightings

Nomenclature