Polkit UID Privilege Escalation Vulnerability
This content has been archived
This article no longer conforms to NHS Digital's standards for cyber alerts and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.
Summary
A vulnerability has been identified in the polkit (formerly PolicyKit) privilege and policy management system for Unix-like operating systems.
Threat details
A low-privileged user whose account has an affected UID may exploit this vulnerability to escalate their privileges on an affected system.
The vulnerability exists because polkit does not correctly handle authorization requests from users whose user ID (UID) is larger than INT_MAX, the largest value of a signed 32-bit integer (2147483647, or 0x7FFFFFFF). Linux UIDs are unsigned 32-bit values, so a UID above INT_MAX becomes negative when it is stored in a signed 32-bit integer. If an account is created or altered to have such a UID, polkit fails to evaluate the request correctly and the user is granted full system privileges.
polkit is pre-installed on most popular Linux distributions, including CentOS, Debian, Red Hat and Ubuntu.
Remediation
Users and administrators are encouraged to update polkit to a version in which this issue is fixed, from their distribution's package repositories, and to ensure that no account has a UID greater than INT_MAX or one that is negative when interpreted as a signed 32-bit integer.
Remediation steps
| Type | Step |
|---|---|
| | Users and administrators are encouraged to update to the latest polkit version and restrict UIDs with negative or greater-than-INT_MAX values. |
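The following is an added illustration, not polkit's own code and not part of the original alert, of the integer handling behind the issue described under Threat details, together with an audit helper for the remediation step above. It shows how a 32-bit unsigned UID above INT_MAX wraps to a negative value when narrowed to a signed int, a checked conversion that rejects such values, and a function that counts accounts with UID > INT_MAX in passwd-style text. The sample passwd lines and the helper names (uid_is_safe, uid_as_int, uid_to_int_checked, parse_passwd_uid, count_unsafe_uids) are constructed for this example.

```c
/*
 * Added example, not polkit's own code: what a UID above INT_MAX looks like
 * once it is squeezed into a signed 32-bit int, and a small audit helper
 * that flags such accounts in passwd(5)-style data.
 */
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Largest UID that survives a round trip through a signed 32-bit int. */
#define UID_SAFE_MAX ((uid_t)INT_MAX)

/* Return 1 if the UID is representable as a non-negative int, else 0. */
int uid_is_safe(uid_t uid)
{
    return uid <= UID_SAFE_MAX;
}

/* Narrow a UID to int the way legacy code does. On two's-complement
 * targets (all mainstream Linux platforms) a UID above INT_MAX wraps to a
 * negative number instead of failing. */
int uid_as_int(uid_t uid)
{
    return (int)uid;
}

/* Hardened narrowing: refuse any UID that would not round-trip. Returns 1
 * and stores the value on success, 0 if the UID is out of range. */
int uid_to_int_checked(uid_t uid, int *out)
{
    if (!uid_is_safe(uid))
        return 0;
    *out = (int)uid;
    return 1;
}

/* Parse the UID field of one passwd(5) line
 * ("name:x:uid:gid:gecos:home:shell"). Returns 1 and stores the UID on
 * success, 0 on malformed input or a value wider than 32 bits. The password
 * field is assumed to be non-empty ("x" or "*"), as it is in practice. */
int parse_passwd_uid(const char *line, uid_t *uid_out)
{
    char name[64];
    unsigned long long v;

    if (sscanf(line, "%63[^:]:%*[^:]:%llu:", name, &v) != 2)
        return 0;
    if (v > 0xFFFFFFFFULL)
        return 0;
    *uid_out = (uid_t)v;
    return 1;
}

/* Count accounts whose UID exceeds INT_MAX in newline-separated passwd(5)
 * text (the same check an administrator would run against /etc/passwd). */
int count_unsafe_uids(const char *passwd_text)
{
    int count = 0;
    const char *p = passwd_text;

    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        char line[512];
        uid_t uid;

        if (len < sizeof line) {
            memcpy(line, p, len);
            line[len] = '\0';
            if (parse_passwd_uid(line, &uid) && !uid_is_safe(uid))
                count++;
        }
        p = nl ? nl + 1 : p + len;
    }
    return count;
}

/* Constructed sample data, not taken from any real system. */
static const char SAMPLE_PASSWD[] =
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000::/home/alice:/bin/bash\n"
    "bob:x:2147483647:2147483647::/home/bob:/bin/bash\n"
    "svc:x:4000000000:4000000000::/nonexistent:/usr/sbin/nologin\n"
    "eve:x:2147483648:2147483648::/home/eve:/bin/bash\n";

int main(void)
{
    uid_t uids[] = { 1000u, 2147483647u, 2147483648u, 4000000000u };
    size_t i;

    for (i = 0; i < sizeof uids / sizeof uids[0]; i++) {
        int checked;
        printf("uid %u -> as int %d, safe=%d, checked=%s\n",
               (unsigned)uids[i], uid_as_int(uids[i]), uid_is_safe(uids[i]),
               uid_to_int_checked(uids[i], &checked) ? "ok" : "rejected");
    }
    printf("accounts with UID > INT_MAX in sample: %d\n",
           count_unsafe_uids(SAMPLE_PASSWD));
    return 0;
}
```

In the sample, bob (exactly INT_MAX) passes while svc and eve are flagged; a UID of 4000000000 prints as -294967296 once narrowed to int, which is the kind of value a signed-int code path was never written to expect. On a live system the equivalent audit is `awk -F: '$3 > 2147483647' /etc/passwd`, which should print nothing.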
Last edited: 17 February 2020 1:01 pm