Bug 1233808 (CVE-2015-4625) - CVE-2015-4625 polkit: potential information disclosure vulnerability due to cookie counter wrapping
Summary: CVE-2015-4625 polkit: potential information disclosure vulnerability due to c...
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2015-4625
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=low,public=20150529,reported=2...
Depends On: 1233810
Blocks: 1233809
TreeView+ depends on / blocked
 
Reported: 2015-06-19 13:34 UTC by Vasyl Kaigorodov
Modified: 2019-06-08 20:38 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-11-09 06:04:49 UTC


Attachments (Terms of Use)

Description Vasyl Kaigorodov 2015-06-19 13:34:41 UTC
Following issue was reported in https://bugs.freedesktop.org/show_bug.cgi?id=90837 :
"""
The "cookie" value that Polkit hands out is global to all polkit
users.  And when `AuthenticationAgentResponse` is invoked, we
previously only received the cookie and target identity, and attempted
to find an agent from that.

The problem is that the current cookie is just an integer
counter, and if it overflowed, it would be possible for
an successful authorization in one session to trigger a response
in another session.
"""

Upstream fixes:
http://cgit.freedesktop.org/polkit/commit/?id=493aa5dc1d278ab9097110c1262f5229bbaf1766
http://cgit.freedesktop.org/polkit/commit/?id=fb5076b7c05d01a532d593a4079a29cf2d63a228

This CVE also covers the issue reported in https://bugs.freedesktop.org/show_bug.cgi?id=90832 , see http://openwall.com/lists/oss-security/2015/06/16/21

Comment 1 Vasyl Kaigorodov 2015-06-19 13:35:44 UTC
Created polkit tracking bugs for this issue:

Affects: fedora-all [bug 1233810]

Comment 3 Fedora Update System 2015-07-13 19:08:54 UTC
polkit-0.113-1.fc22 has been pushed to the Fedora 22 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 4 Fedora Update System 2015-07-21 08:23:38 UTC
polkit-0.113-4.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.