CVE-2015-4625

Description

Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.

How to fix CVE-2015-4625

To remediate CVE-2015-4625, upgrade the affected package to a fixed version below.

• Debian/policykit-1—upgrade to 0.105-12 or later

Is CVE-2015-4625 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.105-12

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2015-4625