Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 555666 (CVE-2015-3255) - <sys-auth/polkit-0.113: Heap-corruption on duplicate ids (CVE-2015-3255)
Summary: <sys-auth/polkit-0.113: Heap-corruption on duplicate ids (CVE-2015-3255)
Status: RESOLVED FIXED
Alias: CVE-2015-3255
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: A2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-07-23 07:40 UTC by Agostino Sarubbo
Modified: 2016-11-15 07:24 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2015-07-23 07:40:02 UTC
From ${URL} :

t was reported that if polkit, while reading action descriptions from /usr/share/polkit-1/actions, encounters a duplicate action ID, it corrupts the heap.
The effects of corruption are e.g. visible on stderr as frequent use of unrelated strings when running polkit without --no-debug.

Presumably a local attacker might be able to manipulate polkit’s heap enough to achieve privilege escalation through this.

Upstream bug: https://bugs.freedesktop.org/show_bug.cgi?id=83590


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Pacho Ramos gentoo-dev 2015-07-23 15:03:59 UTC
Per:
https://bugs.freedesktop.org/show_bug.cgi?id=83590#c7


this is fixed in 0.113... that should be ok to go to stable as explained at bug 554878
Comment 2 Gilles Dartiguelongue gentoo-dev 2015-12-17 14:26:18 UTC
polkit-0.113 is now stable, must cleanup 0.112-r3.
Comment 3 Yury German Gentoo Infrastructure gentoo-dev 2015-12-25 00:45:45 UTC
Arches, Thank you for your work.
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).
Comment 4 Gilles Dartiguelongue gentoo-dev 2016-01-02 10:32:36 UTC
Vulnerable ebuilds cleaned up.
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2016-02-25 08:37:43 UTC
Maintainer(s), Thank you for your work.
Comment 6 GLSAMaker/CVETool Bot gentoo-dev 2016-11-15 07:24:33 UTC
This issue was resolved and addressed in
 GLSA 201611-07 at https://security.gentoo.org/glsa/201611-07
by GLSA coordinator Aaron Bauman (b-man).