ByteOS Network

NVD Vulnerability Details :

CVE-2018-19788

Modified

Source-cve@mitre.org

Published At-03 Dec, 2018 | 06:29

Updated At-06 Aug, 2019 | 17:15

A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Type	Version	Base score	Base severity	Vector
Primary	3.0	8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C

CWE ID	Type	Source
CWE-20	Primary	nvd@nist.gov

Hyperlink	Source	Resource
https://access.redhat.com/errata/RHSA-2019:2046	cve@mitre.org	N/A
https://access.redhat.com/errata/RHSA-2019:3232	cve@mitre.org	N/A
https://bugs.debian.org/915332	cve@mitre.org	Issue Tracking Mailing List Third Party Advisory
https://gitlab.freedesktop.org/polkit/polkit/issues/74	cve@mitre.org	Exploit Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html	cve@mitre.org	Third Party Advisory
https://security.gentoo.org/glsa/201908-14	cve@mitre.org	N/A
https://usn.ubuntu.com/3861-1/	cve@mitre.org	Third Party Advisory
https://usn.ubuntu.com/3861-2/	cve@mitre.org	Third Party Advisory
https://www.debian.org/security/2018/dsa-4350	cve@mitre.org	Third Party Advisory