Denial of Service Vulnerability in PolicyKit by Red Hat
CVE-2015-3218

Currently unrated

Key Information:

Vendor: Polkit Project
Status: Polkit
Vendor: CVE Published:; 26 October 2015

What is CVE-2015-3218?

The authentication_agent_new function in PolicyKit before version 0.113 is vulnerable to a denial of service attack. A local user can exploit this vulnerability by calling RegisterAuthenticationAgent with an invalid object path, leading to a NULL pointer dereference that crashes the polkitd daemon. This disruption can affect the system's ability to perform authentication tasks.

References

http://lists.freedesktop.org/archives/polkit-devel/2015-M...

mailing-listx_refsource_MLIST

https://usn.ubuntu.com/3717-1/

vendor-advisoryx_refsource_UBUNTU

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

Timeline

Vulnerability published
Oct 26, 2015
Vulnerability Reserved
Apr 10, 2015

Polkit Project

What is CVE-2015-3218?

References

Timeline