Mandriva Update For Polkit MDVSA-2011:086 (polkit) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been found and corrected in polkit: A race condition flaw was found in the PolicyKit pkexec utility and polkitd daemon. A local user could use this flaw to appear as a privileged user to pkexec, allowing them to execute arbitrary commands as root by running those commands with pkexec (CVE-2011-1485). The updated packages have been patched to correct this issue.

Affected

polkit on Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64

Severity

Classification

CVE CVE-2011-1485

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:192 (phpmyadmin)
Mandrake Security Advisory MDVSA-2009:054 (nagios)
Mandrake Security Advisory MDVSA-2009:004 (pam_mount)
Mandrake Security Advisory MDVSA-2009:018 (tomcat5)
Mandrake Security Advisory MDVSA-2009:186 (firebird)

Mandriva Update for polkit MDVSA-2011:086 (polkit)

Take action and discover your vulnerabilities