========================================================================== Ubuntu Security Notice USN-1117-1 April 19, 2011 policykit-1 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 9.10 Summary: Local users could gain root access by using the pkexec tool in PolicyKit. Software Description: - policykit-1: framework for managing administrative policies and privileges Details: Neel Mehta discovered that PolicyKit did not correctly verify the user making authorization requests. A local attacker could exploit this to trick pkexec into running applications with root privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 10.10: libpolkit-backend-1-0 0.96-2ubuntu1.1 Ubuntu 10.04 LTS: libpolkit-backend-1-0 0.96-2ubuntu0.1 Ubuntu 9.10: libpolkit-backend-1-0 0.94-1ubuntu1.1 After a standard system update you need to reboot your computer to make all the necessary changes. References: CVE-2011-1485 Package Information: https://launchpad.net/ubuntu/+source/policykit-1/0.96-2ubuntu1.1 https://launchpad.net/ubuntu/+source/policykit-1/0.96-2ubuntu0.1 https://launchpad.net/ubuntu/+source/policykit-1/0.94-1ubuntu1.1
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/