Vulnerability Details : CVE-2011-4945
PolicyKit 0.103 sets the AdminIdentities to "wheel" by default, which allows local users in the wheel group to gain root privileges without authentication.
Products affected by CVE-2011-4945
- cpe:2.3:a:michael_biebl:policykit:0.103:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-4945
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-4945
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
3.4
|
10.0
|
NIST |
CWE ids for CVE-2011-4945
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4945
-
http://cgit.freedesktop.org/PolicyKit/commit/?id=763faf434b445c20ae9529100d3ef5290976d0c9
-
http://security.gentoo.org/glsa/glsa-201204-06.xml
PolicyKit: Multiple vulnerabilities (GLSA 201204-06) — Gentoo security
-
http://www.mail-archive.com/polkit-devel%40lists.freedesktop.org/msg00327.html
polkit 0.103
-
https://launchpad.net/ubuntu/+source/policykit-1/0.103-1
0.103-1 : policykit-1 package : Ubuntu
-
http://www.openwall.com/lists/oss-security/2012/03/28/1
oss-security - CVE Request: PolicyKit change allows users in "wheel" group to become root without a password
-
http://www.openwall.com/lists/oss-security/2012/03/28/2
oss-security - Re: CVE Request: PolicyKit change allows users in "wheel" group to become root without a password
-
https://bugs.gentoo.org/show_bug.cgi?id=401513
401513 – (CVE-2011-4945) <sys-auth/polkit-0.104-r1 sets AdminIdentities to group wheel (CVE-2011-4945)
-
http://patch-tracker.debian.org/patch/series/view/policykit-1/0.104-2/05_revert-admin-identities-unix-group-wheel.patch
Jump to