Security: Insufficient privilege check in polkit
Name: Insufficient privilege check in polkit
ID: USN-1953-1
Distribution: Ubuntu
Platforms: Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 12.10, Ubuntu 13.04
Date: Wed, 18 September 2013, 18:40
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4288
Applications: policykit

Original message

==========================================================================
Ubuntu Security Notice USN-1953-1
September 18, 2013

policykit-1 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

polkit could be tricked into giving out improper authorization.

Software Description:
- policykit-1: framework for managing administrative policies and privileges

Details:

It was discovered that polkit didn't allow applications to use the pkcheck
tool in a way which prevented a race condition in the UID lookup. A local
attacker could use this flaw to possibly escalate privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
policykit-1 0.105-1ubuntu1.1

Ubuntu 12.10:
policykit-1 0.104-2ubuntu1.1

Ubuntu 12.04 LTS:
policykit-1 0.104-1ubuntu1.1

Ubuntu 10.04 LTS:
policykit-1 0.96-2ubuntu0.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1953-1
CVE-2013-4288

Package Information:
https://launchpad.net/ubuntu/+source/policykit-1/0.105-1ubuntu1.1
https://launchpad.net/ubuntu/+source/policykit-1/0.104-2ubuntu1.1
https://launchpad.net/ubuntu/+source/policykit-1/0.104-1ubuntu1.1
https://launchpad.net/ubuntu/+source/policykit-1/0.96-2ubuntu0.2


