Date: Tue, 27 Mar 2012 19:45:09 -0700
From: Tim Sammut <underling@...too.org>
To: oss-security@...ts.openwall.com
CC: security <security@...too.org>
Subject: CVE Request: PolicyKit change allows users in "wheel" group to become root without a password

Hi.

Please assign a CVE to this issue. An intended change in PolicyKit version 0.103 allows users of the "wheel" group to become root without providing the root password. While this was intentional, we believe it presents a security concern for our users.

http://cgit.freedesktop.org/PolicyKit/commit/?id=763faf434b445c20ae9529100d3ef5290976d0c9
http://www.mail-archive.com/polkit-devel@...ts.freedesktop.org/msg00327.html
https://bugs.gentoo.org/show_bug.cgi?id=401513
http://patch-tracker.debian.org/patch/series/view/policykit-1/0.104-2/05_revert-admin-identities-unix-group-wheel.patch
https://launchpad.net/ubuntu/+source/policykit-1/0.103-1

thank you
tim

--
Tim Sammut ~ Gentoo Security Team
underling@...too.org ~ C2375493