Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 672578 (CVE-2018-19788)

Summary: <sys-auth/polkit-0.115-r2: Unprivileged users with UID > INT_MAX can successfully execute privileged operations
Product: Gentoo Security Reporter: Vlad K. <vk-gentoo-bugs>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: freedesktop-bugs
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://gitlab.freedesktop.org/polkit/polkit/issues/74
See Also: https://github.com/systemd/systemd/issues/11026
Whiteboard: B1 [glsa+ cve]
Package list:
Runtime testing required: ---
Bug Depends on: 661470    
Bug Blocks:    

Description Vlad K. 2018-12-05 18:06:42 UTC 
* CVE-2018-19788

  https://gitlab.freedesktop.org/polkit/polkit/issues/74

  "A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a
  uid greater than INT_MAX to successfully execute any systemctl command."
  -- CVE listing

According to the original issue comments though, this vuln is not only about systemctl commands, but "any PK services".

--
Gentoo Security Scout
Vladimir Krstulja
Comment 2 Mike Gilbert gentoo-dev 2018-12-05 19:32:06 UTC 
I suggest waiting a bit for this to be merged.

https://gitlab.freedesktop.org/polkit/polkit/merge_requests/14
Comment 3 Craig Andrews gentoo-dev 2018-12-06 21:42:37 UTC 
(In reply to Mike Gilbert from comment #2)
> I suggest waiting a bit for this to be merged.
> 
> https://gitlab.freedesktop.org/polkit/polkit/merge_requests/14

That PR has been merged and is now closed.
Comment 4 Larry the Git Cow gentoo-dev 2018-12-06 23:11:45 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf27a98f65a37ac7ed9086a08999aec70dc9dfbb

commit cf27a98f65a37ac7ed9086a08999aec70dc9dfbb
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2018-12-06 23:11:06 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2018-12-06 23:11:39 +0000

    sys-auth/polkit: backport fix for CVE-2018-19788
    
    Bug: https://bugs.gentoo.org/672578
    Package-Manager: Portage-2.3.52_p8, Repoman-2.3.12_p20
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 sys-auth/polkit/files/CVE-2018-19788.patch | 339 +++++++++++++++++++++++++++++
 sys-auth/polkit/polkit-0.115-r2.ebuild     | 142 ++++++++++++
 2 files changed, 481 insertions(+)
Comment 5 Mike Gilbert gentoo-dev 2018-12-06 23:12:23 UTC 
Let's wait a couple days before stabilizing please.
Comment 6 Matt Turner gentoo-dev 2019-06-29 16:48:59 UTC 
security@: ping
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2019-08-15 15:55:55 UTC 
This issue was resolved and addressed in
 GLSA 201908-14 at https://security.gentoo.org/glsa/201908-14
by GLSA coordinator Aaron Bauman (b-man).