Debian Security Advisory DSA 2319-1 (policykit-1) Network Vulnerability

Summary

The remote host is missing an update to policykit-1 announced via advisory DSA 2319-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202319-1

Insight

Neel Mehta discovered that a race condition in Policykit, a framework for managing administrative policies and privileges, allowed local users to elevate privileges by executing a setuid program from pkexec. The oldstable distribution (lenny) does not contain the policykit-1 package. For the stable distribution (squeeze), this problem has been fixed in version 0.96-4+squeeze1. For the testing distribution (wheezy) and unstable distribution (sid), this problem has been fixed in version 0.101-4. We recommend that you upgrade your policykit-1 packages.

Severity

Classification

CVE CVE-2011-1485

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 1139-1 (ruby1.6)
Debian Security Advisory DSA 1107-1 (gnupg)
Debian Security Advisory DSA 1061-1 (popfile)
Debian Security Advisory DSA 1065-1 (hostapd)
Debian Security Advisory DSA 1093-1 (xine-ui)

Take action and discover your vulnerabilities