GLSA-201204-06 : PolicyKit: Multiple vulnerabilities
Medium Nessus Plugin ID 59622
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201204-06 (PolicyKit: Multiple vulnerabilities)
Multiple vulnerabilities have been found in PolicyKit:
Error messages in the pkexec utility disclose the existence of local files (CVE-2010-0750).
The pkexec utility initially checks the effective user ID of its parent process for authorization, instead of checking the real user ID (CVE-2011-1485).
Members of the 'wheel' group are able to execute commands as an administrator without a password (CVE-2011-4945).
A local attacker could gain elevated privileges or sensitive information.
There is no known workaround at this time.
Solution
All PolicyKit users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=sys-auth/polkit-0.104-r1'