Re: CVE request for polkit

[cve-assign () mitre org]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> >   https://bugs.freedesktop.org/show_bug.cgi?id=90837
> >   https://bugs.freedesktop.org/show_bug.cgi?id=90832

This can have a single CVE ID, CVE-2015-4625.

> this
> approach passes through the uid of the caller from the setuid binary,
> ensuring that we only look up `AuthenticationAgent`s that were created
> by a matching uid.

With only this change, the original report of "another process can
generate 2^32 authentication sessions and just disconnect immediately.
The counter gets incremented but the cookies never get removed from
the list, until eventually counter wraps and a second cookie is
minted." would still be considered an implementation error, but it
could no longer be considered "exploitable" in the context of the
current polkit security model. In other words, because the two
concerns (90832 and 90837) are not independent vulnerabilities, there
should not be two CVE IDs.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVgI9cAAoJEKllVAevmvmsFuMIAIyxB79JHByD5607hzwv6+gL
IT0YBcbDT1ow3uKIz+S5S91HpxJKCbg5InNzhCac0EpKU2l4HxILIdk0l/wcmnf9
rzr4kSzvRATaQYkj9X5oPIrLYXGSrGdxy6KYe8LMa0/Sis6RLVJve7C3YlCx1yZU
FJMU43g3/sap7ReK40V8FnEDB4e3BH6+fUg5tqF+Q/rvvEEbwap3s2tv6GsP8RM/
cskGx2sgrLRO2fo/3NyIb8kOuJq8xmgVrCnNzzIoqvs9yzQTmMmGDLPfzN276nxB
/NCsNJITO1Unb+TwZknxRJjBv4Ic1CfCC2IFD7vG/MgdO+3Zll+rZlml+5b0Zlg=
=Mb9/
-----END PGP SIGNATURE-----