Format String Vulnerability in PolicyKit Affects Multiple Versions
CVE-2008-1658

Currently unrated

Key Information:

Vendor: Freedesktop
Status: Policykit
Vendor: CVE Published:; 11 April 2008

🔔 Create Freedesktop Vulnerability Alert

What is CVE-2008-1658?

The format string vulnerability in PolicyKit's grant helper (polkit-grant-helper.c) allows attackers to exploit improperly handled format strings in password inputs. This could result in a denial of service, causing the application to crash, and may potentially allow the execution of arbitrary code. Various distributions like Ubuntu, Mandriva, and Fedora have provided advisories regarding this vulnerability, urging users to update their systems to mitigate the risks associated with this issue.

References

https://bugs.launchpad.net/ubuntu/+source/policykit/+bug/...

x_refsource_CONFIRM

http://www.mandriva.com/security/advisories?name=MDVSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://gitweb.freedesktop.org/?p=PolicyKit.git%3Ba=commit...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 11, 2008
Vulnerability Reserved
Apr 2, 2008

JSON