| Secunia Advisory:
|
SA29755
|
|
|
Release Date:
|
2008-04-09
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Privilege escalation
DoS
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| OS: | Fedora 8
|
|
| | CVE reference: | CVE-2008-1658 (Secunia mirror) |
Description:
Fedora has issued an update for PolicyKit. This
fixes a vulnerability, which can be exploited by malicious, local users
to cause a DoS (Denial of Service) or to bypass certain security
restrictions.
The vulnerability is caused due to a format string error within the
PolicyKit grant helper. This can be exploited to cause a crash or to
bypass authentication.
Solution:
Apply updated packages via the yum utility ("yum update PolicyKit").
Provided and/or discovered by:
Reported in a Ubuntu bug report.
Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00176.html
https://bugs.launchpad.net/ubuntu/+source/policykit/+bug/205037
|
