Bypassing Start Time Protection Mechanism in PolicyKit 0.115

CVE-2019-6133 · MEDIUM Severity

CVSS vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
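The following C model is an added example, not code from this advisory or from polkit. It shows why a cached decision matched only on PID and start time can be reused for a different user, and how also comparing the uid rejects that reuse. `struct subject`, `parse_start_time`, `cache_hit` and the sample stat line are hypothetical names and constructed data; the start time is assumed to be field 22 of `/proc/<pid>/stat`.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical model of the subject a cached decision is bound to. */
struct subject {
    pid_t pid;
    unsigned long long start_time; /* field 22 of /proc/<pid>/stat */
    uid_t uid;
};

/* Extract starttime from /proc/<pid>/stat text. comm (field 2) may contain
 * spaces and ')', so resume after the last ')'. Returns 0, or -1 if malformed. */
int parse_start_time(const char *stat_line, unsigned long long *out)
{
    const char *p = strrchr(stat_line, ')');
    char *end;
    if (!p) return -1;
    for (int i = 0; i < 20; i++) { /* step to the start of field 22 */
        if (!(p = strchr(p, ' '))) return -1;
        p++;
    }
    *out = strtoull(p, &end, 10);
    return end == p ? -1 : 0;
}

/* May a decision cached for 'granted' be reused for 'caller'? check_uid=false
 * models comparing pid and start time only; true also requires the same uid. */
bool cache_hit(const struct subject *granted, const struct subject *caller, bool check_uid)
{
    if (granted->pid != caller->pid) return false;
    if (granted->start_time != caller->start_time) return false;
    return !check_uid || granted->uid == caller->uid;
}

/* Constructed sample stat line with an awkward comm field. */
const char SAMPLE_STAT[] =
    "4242 (a b) c) S 1 4242 4242 0 -1 4194304 100 0 0 0 1 2 0 0 20 0 1 0 "
    "987654 1000000 50 18446744073709551615";

int main(void)
{
    unsigned long long st = 0;
    struct subject a = {4242, 987654, 1000}, b = {4242, 987654, 1001};
    if (parse_start_time(SAMPLE_STAT, &st) != 0 || st != a.start_time) return 1;
    printf("weak=%d strict=%d\n", cache_hit(&a, &b, false), cache_hit(&a, &b, true));
    return 0;
}
```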