Búsqueda de    
Vulnerabilidad   
    Buscar 219043 Descripciones CVE y
99761 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.2.2020.1424
Categoría:Huawei EulerOS Local Security Checks
Título:Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2020-1424)
Resumen:The remote host is missing an update for the Huawei EulerOS 'polkit' package(s) announced via the EulerOS-SA-2020-1424 advisory.
Descripción:Summary:
The remote host is missing an update for the Huawei EulerOS 'polkit' package(s) announced via the EulerOS-SA-2020-1424 advisory.

Vulnerability Insight:
The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.(CVE-2015-3218)



The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.(CVE-2015-3255)



Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.(CVE-2015-4625)

Affected Software/OS:
'polkit' package(s) on Huawei EulerOS V2.0SP3.

Solution:
Please install the updated package(s).

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2015-3218
BugTraq ID: 76086
http://www.securityfocus.com/bid/76086
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html
http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html
http://lists.freedesktop.org/archives/polkit-devel/2015-May/000421.html
http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html
http://www.securitytracker.com/id/1035023
SuSE Security Announcement: openSUSE-SU-2015:1734 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html
SuSE Security Announcement: openSUSE-SU-2015:1927 (Google Search)
http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html
https://usn.ubuntu.com/3717-1/
Common Vulnerability Exposure (CVE) ID: CVE-2015-3255
https://security.gentoo.org/glsa/201611-07
https://usn.ubuntu.com/3717-2/
Common Vulnerability Exposure (CVE) ID: CVE-2015-4625
BugTraq ID: 75267
http://www.securityfocus.com/bid/75267
http://www.openwall.com/lists/oss-security/2015/06/08/3
http://www.openwall.com/lists/oss-security/2015/06/09/1
http://www.openwall.com/lists/oss-security/2015/06/16/21
http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html
http://lists.freedesktop.org/archives/polkit-devel/2015-June/000427.html
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2024 E-Soft Inc. Todos los derechos reservados.