CVE-2011-1485

Published: 31/05/2011 Updated: 19/12/2012
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 705
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.

Vulnerable Product

redhat policykit 0.96

Vendor Advisories

Debian Bug report logs - #644500 policykit-1 local root exploit CVE-2011-1485 Package: policykit-1; Maintainer for policykit-1 is Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>; Source for policykit-1 is src:policykit-1 (PTS, buildd, popcon) Reported by: "Thijs Kinkhorst" <thijs@debian.org> ...
Local users could gain root access by using the pkexec tool in PolicyKit ...
Neel Mehta discovered that a race condition in Policykit, a framework for managing administrative policies and privileges, allowed local users to elevate privileges by executing a setuid program from pkexec. The oldstable distribution (lenny) does not contain the policykit-1 package. For the stable distribution (squeeze), this problem has been fixe ...

Exploits

/* * Exploit Title: pkexec Race condition (CVE-2011-1485) exploit * Author: xi4oyu * Tested on: rhel 6 * CVE : 2011-1485 * Linux pkexec exploit by xi4oyu , thx dm@0x557.org * Have fun~ U can reach us @ www.wooyun.org :) */ #include <stdio.h> #include <limits.h> #include <time.h> #include <unistd.h> #include < ...
/* polkit-pwnage.c * * * ============================== * = PolicyKit Pwnage = * = by zx2c4 = * = Sept 2, 2011 = * ============================== * * * Howdy folks, * * This exploits CVE-2011-1485, a race condition in PolicyKit * * davidz25 explains: * * --begin-- * Briefly, the problem ...
## # This module requires Metasploit: http//metasploit.com/download # Current source: github.com/rapid7/metasploit-framework ## class Metasploit4 < Msf::Exploit::Local Rank = GreatRanking include Msf::Exploit::EXE include Msf::Post::File include Msf::Exploit::Local::Linux def initialize(info = {}) super(update_info(info ...
Linux pkexec and polkitd 0.96 race condition privilege escalation exploit ...
pkexec race condition privilege escalation exploit ...
A race condition flaw was found in the PolicyKit pkexec utility and polkitd daemon. A local user could use this flaw to appear as a privileged user to pkexec, allowing them to execute arbitrary commands as root by running those commands with pkexec. Those vulnerable include RHEL6 prior to polkit-0.96-2.el6_0.1 and Ubuntu libpolkit-backend-1 prior t ...
PolicyKit versions 0.101 and below local privilege escalation exploit ...

Github Repositories

CVE-2011-1485 - Published: 2011-04-01 - PolicyKit:
