Test ID:	1.3.6.1.4.1.25623.1.0.70408
Category:	Debian Local Security Checks
Title:	Debian Security Advisory DSA 2319-1 (policykit-1)
Summary:	The remote host is missing an update to policykit-1;announced via advisory DSA 2319-1.
Description:	Summary: The remote host is missing an update to policykit-1 announced via advisory DSA 2319-1. Vulnerability Insight: Neel Mehta discovered that a race condition in Policykit, a framework for managing administrative policies and privileges, allowed local users to elevate privileges by executing a setuid program from pkexec. The oldstable distribution (lenny) does not contain the policykit-1 package. For the stable distribution (squeeze), this problem has been fixed in version 0.96-4+squeeze1. For the testing distribution (wheezy) and unstable distribution (sid), this problem has been fixed in version 0.101-4. Solution: We recommend that you upgrade your policykit-1 packages. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-1485 Debian Security Information: DSA-2319 (Google Search) http://www.debian.org/security/2011/dsa-2319 http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058752.html http://lists.fedoraproject.org/pipermail/package-announce/2011-May/059859.html http://security.gentoo.org/glsa/glsa-201204-06.xml http://www.mandriva.com/security/advisories?name=MDVSA-2011:086 http://www.redhat.com/support/errata/RHSA-2011-0455.html http://secunia.com/advisories/48817 http://securityreason.com/securityalert/8424 http://www.ubuntu.com/usn/USN-1117-1
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.