FreeBSD : polkit -- multiple vulnerabilities (631fc042-b636-11e5-83ef-14dae9d210b8)

Medium Nessus Plugin ID 87831

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Colin Walters reports :

- Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.

- The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.

- The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in action descriptions.

- PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to 'javascript rule evaluation.'

Solution

Update the affected package.

See Also

http://www.nessus.org/u?391665dc

http://www.nessus.org/u?67f8ade7

Plugin Details

Severity: Medium

ID: 87831

File Name: freebsd_pkg_631fc042b63611e583ef14dae9d210b8.nasl

Version: 2.3

Type: local

Published: 2016/01/11

Updated: 2018/11/21

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:polkit, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2016/01/08

Vulnerability Publication Date: 2015/06/03

Reference Information

CVE: CVE-2015-3218, CVE-2015-3255, CVE-2015-3256, CVE-2015-4625