Gentoo Local Security Checks : Gentoo Security Advisory GLSA 201204-06 (polkit)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.71316

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 201204-06 (polkit)

Resumen: The remote host is missing updates announced in;advisory GLSA 201204-06.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 201204-06.

Vulnerability Insight:
Multiple vulnerabilities have been found in PolicyKit, the worst of
which may allow a local attacker to gain root privileges.

Solution:
All PolicyKit users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=sys-auth/polkit-0.104-r1'

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0750
http://security.gentoo.org/glsa/glsa-201204-06.xml
http://marc.info/?l=oss-security&m=127014095301235&w=2
http://marc.info/?l=oss-security&m=127014999113790&w=2
http://secunia.com/advisories/39149
http://secunia.com/advisories/48817
XForce ISS Database: policykit-pkexec-info-disc(57543)
https://exchange.xforce.ibmcloud.com/vulnerabilities/57543
Common Vulnerability Exposure (CVE) ID: CVE-2011-1485
48817
8424
http://securityreason.com/securityalert/8424
DSA-2319
http://www.debian.org/security/2011/dsa-2319
FEDORA-2011-5589
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058752.html
FEDORA-2011-5676
http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059859.html
GLSA-201204-06
MDVSA-2011:086
http://www.mandriva.com/security/advisories?name=MDVSA-2011:086
RHSA-2011:0455
http://www.redhat.com/support/errata/RHSA-2011-0455.html
USN-1117-1
http://www.ubuntu.com/usn/USN-1117-1
https://bugzilla.redhat.com/show_bug.cgi?id=692922
Common Vulnerability Exposure (CVE) ID: CVE-2011-4945
[oss-security] 20120327 CVE Request: PolicyKit change allows users in "wheel" group to become root without a password
http://www.openwall.com/lists/oss-security/2012/03/28/1
[oss-security] 20120327 Re: CVE Request: PolicyKit change allows users in "wheel" group to become root without a password
http://www.openwall.com/lists/oss-security/2012/03/28/2
[polkit-devel] 20111206 polkit 0.103
http://www.mail-archive.com/polkit-devel%40lists.freedesktop.org/msg00327.html
http://cgit.freedesktop.org/PolicyKit/commit/?id=763faf434b445c20ae9529100d3ef5290976d0c9
http://patch-tracker.debian.org/patch/series/view/policykit-1/0.104-2/05_revert-admin-identities-unix-group-wheel.patch
https://bugs.gentoo.org/show_bug.cgi?id=401513
https://launchpad.net/ubuntu/+source/policykit-1/0.103-1

Copyright Copyright (C) 2012 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.71316
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 201204-06 (polkit)
Resumen:	The remote host is missing updates announced in;advisory GLSA 201204-06.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 201204-06. Vulnerability Insight: Multiple vulnerabilities have been found in PolicyKit, the worst of which may allow a local attacker to gain root privileges. Solution: All PolicyKit users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=sys-auth/polkit-0.104-r1' CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0750 http://security.gentoo.org/glsa/glsa-201204-06.xml http://marc.info/?l=oss-security&m=127014095301235&w=2 http://marc.info/?l=oss-security&m=127014999113790&w=2 http://secunia.com/advisories/39149 http://secunia.com/advisories/48817 XForce ISS Database: policykit-pkexec-info-disc(57543) https://exchange.xforce.ibmcloud.com/vulnerabilities/57543 Common Vulnerability Exposure (CVE) ID: CVE-2011-1485 48817 8424 http://securityreason.com/securityalert/8424 DSA-2319 http://www.debian.org/security/2011/dsa-2319 FEDORA-2011-5589 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058752.html FEDORA-2011-5676 http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059859.html GLSA-201204-06 MDVSA-2011:086 http://www.mandriva.com/security/advisories?name=MDVSA-2011:086 RHSA-2011:0455 http://www.redhat.com/support/errata/RHSA-2011-0455.html USN-1117-1 http://www.ubuntu.com/usn/USN-1117-1 https://bugzilla.redhat.com/show_bug.cgi?id=692922 Common Vulnerability Exposure (CVE) ID: CVE-2011-4945 [oss-security] 20120327 CVE Request: PolicyKit change allows users in "wheel" group to become root without a password http://www.openwall.com/lists/oss-security/2012/03/28/1 [oss-security] 20120327 Re: CVE Request: PolicyKit change allows users in "wheel" group to become root without a password http://www.openwall.com/lists/oss-security/2012/03/28/2 [polkit-devel] 20111206 polkit 0.103 http://www.mail-archive.com/polkit-devel%40lists.freedesktop.org/msg00327.html http://cgit.freedesktop.org/PolicyKit/commit/?id=763faf434b445c20ae9529100d3ef5290976d0c9 http://patch-tracker.debian.org/patch/series/view/policykit-1/0.104-2/05_revert-admin-identities-unix-group-wheel.patch https://bugs.gentoo.org/show_bug.cgi?id=401513 https://launchpad.net/ubuntu/+source/policykit-1/0.103-1
Copyright	Copyright (C) 2012 E-Soft Inc.