Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 314535 (CVE-2010-0750)

Summary: <sys-auth/polkit-0.101-r1: Minor information disclosure (CVE-2010-0750)
Product: Gentoo Security Reporter: Tomás Touceda (RETIRED) <chiiph>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: freedesktop-bugs, nirbheek
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://bugs.freedesktop.org/show_bug.cgi?id=26982
Whiteboard: A4 [glsa]
Package list:
Runtime testing required: ---

Description Tomás Touceda (RETIRED) gentoo-dev 2010-04-10 15:40:34 UTC
pkexec is vulnerable to a minor information disclosure vulnerability that
allows an attacker to verify whether or not arbitrary files exist, violating
directory permissions.

There's a patch for this issue:

http://cgit.freedesktop.org/PolicyKit/commit/?id=14bdfd816512a82b1ad258fa143ae5faa945df8a
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-04-11 14:02:35 UTC
CVE-2010-0750 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0750):
  pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users
  to determine the existence of arbitrary files via the argument.

Comment 2 Daniel Gryniewicz (RETIRED) gentoo-dev 2010-04-11 14:13:50 UTC
pkexec is part of sys-auth/polkit, not sys-auth/policykit (I know, it's confusing, even to me; I had to look when the patch failed to apply).
Comment 3 Stefan Behte (RETIRED) gentoo-dev Security 2010-04-11 14:23:03 UTC
You're trying to confuse the security team! ;)

So does the patch apply? If so, we can close this [noglsa].
Comment 4 Daniel Gryniewicz (RETIRED) gentoo-dev 2010-04-11 14:28:03 UTC
Sorry, I'm not trying to confuse anyone... I don't maintain polkit, I maintain policykit, so this should presumably be re-assigned to nirbheek.
Comment 5 Stefan Behte (RETIRED) gentoo-dev Security 2010-04-11 14:34:33 UTC
That was just a (silly) joke. ;)
Thanks for pointing it out, reassigning...
Comment 6 Stefan Behte (RETIRED) gentoo-dev Security 2010-04-11 14:39:32 UTC
Sorry for todays bugspam everyone. ;)
Comment 7 Nirbheek Chauhan (RETIRED) gentoo-dev 2010-07-07 17:03:35 UTC
I co-maintain with freedesktop-bugs.

Also, seeing that this is a minor security problem, do you folks want a new revision with this patch? Or would you prefer to wait for a release?
Comment 8 Sean Amoss (RETIRED) gentoo-dev Security 2012-03-27 23:10:40 UTC
Re-rating as A4: at the time this bug was opened, ~4 was correct but then 0.96-r1 was stabilized and vulnerable. First fixed and stable version appears to be 0.101-r1.

Added to existing GLSA request.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2012-04-17 23:44:32 UTC
This issue was resolved and addressed in
 GLSA 201204-06 at http://security.gentoo.org/glsa/glsa-201204-06.xml
by GLSA coordinator Sean Amoss (ackle).