An intended security policy restriction bypass was found in the way ConsoleKit identified VNC sessions originating from a remote host. A valid, authenticated system user could use this flaw to escalate their privileges (become a member of a more privileged policy group) by initiating a remote VNC session. Upstream bug report: [1] https://bugs.freedesktop.org/show_bug.cgi?id=28377
This issue affects the versions of the ConsoleKit package as shipped with Fedora releases 11, 12, and 13. This issue affects the version of the ConsoleKit package as shipped with Red Hat Enterprise Linux 6.
This is public via the upstream bug. I'm opening this up. I've assigned this bug CVE-2010-4664.