Integer Overflow Vulnerability in PolicyKit Affects Local User Privileges
CVE-2015-4625

Currently unrated

Key Information:

Vendor: Fedoraproject
Status: Fedora; Opensuse
Vendor: CVE Published:; 26 October 2015

🔔 Create Fedoraproject Vulnerability Alert

What is CVE-2015-4625?

The vulnerability exists in the authentication_agent_new_cookie function in PolicyKit prior to version 0.113. An integer overflow issue permits local users to create a high volume of connections, leading to the generation of duplicate cookie values. This flaw can be exploited to escalate privileges on affected systems, potentially enabling unauthorized access to sensitive resources.

References

http://lists.freedesktop.org/archives/polkit-devel/2015-J...

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/75267

vdb-entryx_refsource_BID

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2015
Vulnerability Reserved
Jun 16, 2015