oss-sec mailing list archives
CVE Request: PolicyKit change allows users in "wheel" group to become root without a password
From: Tim Sammut <underling () gentoo org>
Date: Tue, 27 Mar 2012 19:45:09 -0700
Hi. Please assign a CVE to this issue. An intended change in PolicyKit [1] version 0.103 [2] allows users of the "wheel" group to become root without providing the root password. While this was intentional, we believe it presents a security concern for our users [3].

[1] http://cgit.freedesktop.org/PolicyKit/commit/?id=763faf434b445c20ae9529100d3ef5290976d0c9
[2] http://www.mail-archive.com/polkit-devel () lists freedesktop org/msg00327.html
[3] https://bugs.gentoo.org/show_bug.cgi?id=401513
[4] http://patch-tracker.debian.org/patch/series/view/policykit-1/0.104-2/05_revert-admin-identities-unix-group-wheel.patch
[5] https://launchpad.net/ubuntu/+source/policykit-1/0.103-1

thank you
tim

--
Tim Sammut ~ Gentoo Security Team
underling () gentoo org ~ C2375493