polkit: fixing stat race condition (CVE-2011-1485)
A race condition exists in pkexec while trying to determine
its caller which could lead to privilege escalation.
CVE-2011-1485 has been assigned to this issue.
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 4439
Fixed bugs
bnc#688788
VUL-0: polkit: stat race condition (CVE-2011-1485)
bnc#638784
polkit: memory leak after normal usage
CVE#CVE-2011-1485
Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.
