Back to bug 1300746
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Adam Mariš | 2016-01-21 15:42:41 UTC | Depends On | 1300747 | |
| Adam Mariš | 2016-01-21 15:43:13 UTC | Depends On | 1299955 | |
| Adam Mariš | 2016-01-21 15:44:29 UTC | Blocks | 1300748 | |
| Slawomir Czarko | 2016-01-22 07:55:44 UTC | CC | slawomir | |
| Federico Manuel Bento | 2016-01-26 14:37:03 UTC | CC | up201407890 | |
| Salvatore Bonaccorso | 2016-02-14 07:54:01 UTC | CC | carnil | |
| Andrej Nemec | 2016-02-26 07:52:42 UTC | Alias | CVE-2016-2568 | |
| Andrej Nemec | 2016-02-26 07:52:47 UTC | Summary | polkit: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl | CVE-2016-2568 polkit: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl |
| Cedric Buissart | 2016-09-29 12:44:55 UTC | CC | cbuissar | |
| Cedric Buissart | 2016-10-04 08:19:08 UTC | Whiteboard | impact=moderate,public=20160119,reported=20160119,source=researcher,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-6/polkit=new,rhel-7/polkit=new,fedora-all/polkit=affected | impact=moderate,public=20160119,reported=20160119,source=researcher,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-6/polkit=affected,rhel-7/polkit=affected,fedora-all/polkit=affected |
| Cedric Buissart | 2017-08-24 12:36:30 UTC | Whiteboard | impact=moderate,public=20160119,reported=20160119,source=researcher,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-6/polkit=affected,rhel-7/polkit=affected,fedora-all/polkit=affected | impact=moderate,public=20160119,reported=20160119,source=researcher,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-6/polkit=wontfix,rhel-7/polkit=affected,fedora-all/polkit=affected |
| Cedric Buissart | 2018-03-05 12:20:10 UTC | Status | NEW | CLOSED |
| Cedric Buissart | 2018-03-05 12:20:10 UTC | Resolution | --- | WONTFIX |
| Cedric Buissart | 2018-03-05 12:20:10 UTC | Doc Text | It was found that pkexec was vulnerable to TIOCSTI ioctl attacks, allowing the executed program to push characters to its TTY's input buffer. While being executed as a non-privileged user, a specially crafted program could force its parent TTY to enter commands, interpreted by the shell when pkexec exits. | |
| Cedric Buissart | 2018-03-05 12:20:10 UTC | Whiteboard | impact=moderate,public=20160119,reported=20160119,source=researcher,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,rhel-6/polkit=wontfix,rhel-7/polkit=affected,fedora-all/polkit=affected | impact=moderate,public=20160119,reported=20160119,source=researcher,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cvss3=6.1/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=cwe-270,rhel-6/polkit=wontfix,rhel-7/polkit=wontfix,fedora-all/polkit=affected |
| Cedric Buissart | 2018-03-05 12:20:10 UTC | Last Closed | 2018-03-05 07:20:10 UTC | |
| Laura Pardo | 2018-05-04 17:26:17 UTC | Whiteboard | impact=moderate,public=20160119,reported=20160119,source=researcher,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cvss3=6.1/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=cwe-270,rhel-6/polkit=wontfix,rhel-7/polkit=wontfix,fedora-all/polkit=affected | impact=moderate,public=20160119,reported=20160119,source=researcher,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cvss3=6.1/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-270,rhel-6/polkit=wontfix,rhel-7/polkit=wontfix,fedora-all/polkit=affected |
| Product Security DevOps Team | 2019-09-29 13:42:36 UTC | Whiteboard | impact=moderate,public=20160119,reported=20160119,source=researcher,cvss2=5.1/AV:N/AC:H/Au:N/C:P/I:P/A:P,cvss3=6.1/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L,cwe=CWE-270,rhel-6/polkit=wontfix,rhel-7/polkit=wontfix,fedora-all/polkit=affected | |
| Huzaifa S. Sidhpurwala | 2020-12-24 08:39:06 UTC | CC | polkit-devel | |
| Huzaifa S. Sidhpurwala | 2020-12-24 10:29:48 UTC | Depends On | 1910646 | |