CVE-2008-1658

EPSS 0.13%
Veröffentlicht 11.04.2008 10:05:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle security@ubuntu.com
Teams Watchlist Login
Unerledigt Login

Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Freedesktop ≫ Policykit Version <= 0.7

Freedesktop ≫ Policykit Version0.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.289

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://bugs.freedesktop.org/show_bug.cgi?id=15295

http://gitweb.freedesktop.org/?p=PolicyKit.git%3Ba=commitdiff%3Bh=5bc86a14cc0e356bcf8b5f861674f842869b1be7

http://secunia.com/advisories/29755

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:087

http://www.securityfocus.com/bid/28702

Patch

http://www.vupen.com/english/advisories/2008/1254

https://bugs.launchpad.net/ubuntu/+source/policykit/+bug/205037

https://exchange.xforce.ibmcloud.com/vulnerabilities/41877

https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00176.html

https://nvd.nist.gov/vuln/detail/CVE-2008-1658

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-1658

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-1658

EUVD