CVE-2011-1485 — policykit-1 - race condition

Description

Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.

How to fix CVE-2011-1485

To remediate CVE-2011-1485, upgrade the affected package to a fixed version below.

Debian/policykit-1—upgrade to 0.101-4 or later
Debian/policykit-1—upgrade to 0.96-4+squeeze1 or later

Is CVE-2011-1485 being exploited?

Moderate — EPSS is 5.5%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

from 0, < 0.101-4
from 0, < 0.96-4+squeeze1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2011-1485