CVE-2018-19788 Detail

Modified

This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.

Current Description

A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.




CVSS 3.x Severity and Metrics:

NIST: NVD
Base Score: 8.8 HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Metrics:



NIST: NVD
Base Score: 9.0 HIGH
Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Weakness Enumeration

CWE-ID: CWE-20
CWE Name: Improper Input Validation
Source: NIST


Change History

7 change records found

CVE Modified by MITRE 10/29/2019 3:15:15 PM

Action: Added
Type: Reference
New Value: https://access.redhat.com/errata/RHSA-2019:3232 [No Types Assigned]



CVE Modified by MITRE 8/15/2019 2:15:14 PM

Action: Added
Type: Reference
New Value: https://security.gentoo.org/glsa/201908-14 [No Types Assigned]



CVE Modified by MITRE 8/06/2019 1:15:34 PM

Action: Added
Type: Reference
New Value: https://access.redhat.com/errata/RHSA-2019:2046 [No Types Assigned]



Initial Analysis 2/05/2019 11:16:01 AM

Action: Added
Type: CPE Configuration
New Value: OR
  *cpe:2.3:a:polkit_project:polkit:0.115:*:*:*:*:*:*:*

Action: Added
Type: CPE Configuration
New Value: OR
  *cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
  *cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
  *cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  *cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  *cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Action: Added
Type: CPE Configuration
New Value: OR
  *cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  *cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Action: Added
Type: CVSS V2
New Value: (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Action: Added
Type: CVSS V3
New Value: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Action: Added
Type: CWE
New Value: CWE-20

Action: Changed
Type: Reference Type
Old Value: https://bugs.debian.org/915332 No Types Assigned
New Value: https://bugs.debian.org/915332 Issue Tracking, Mailing List, Third Party Advisory

Action: Changed
Type: Reference Type
Old Value: https://gitlab.freedesktop.org/polkit/polkit/issues/74 No Types Assigned
New Value: https://gitlab.freedesktop.org/polkit/polkit/issues/74 Exploit, Patch, Third Party Advisory

Action: Changed
Type: Reference Type
Old Value: https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html No Types Assigned
New Value: https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html Third Party Advisory

Action: Changed
Type: Reference Type
Old Value: https://usn.ubuntu.com/3861-1/ No Types Assigned
New Value: https://usn.ubuntu.com/3861-1/ Third Party Advisory

Action: Changed
Type: Reference Type
Old Value: https://usn.ubuntu.com/3861-2/ No Types Assigned
New Value: https://usn.ubuntu.com/3861-2/ Third Party Advisory

Action: Changed
Type: Reference Type
Old Value: https://www.debian.org/security/2018/dsa-4350 No Types Assigned
New Value: https://www.debian.org/security/2018/dsa-4350 Third Party Advisory



CVE Modified by MITRE 1/29/2019 6:29:00 AM

Action: Added
Type: Reference
New Value: https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html [No Types Assigned]



CVE Modified by MITRE 1/17/2019 6:29:05 AM

Action: Added
Type: Reference
New Value: https://usn.ubuntu.com/3861-1/ [No Types Assigned]

Action: Added
Type: Reference
New Value: https://usn.ubuntu.com/3861-2/ [No Types Assigned]



CVE Modified by MITRE 12/07/2018 6:29:24 AM

Action: Added
Type: Reference
New Value: https://www.debian.org/security/2018/dsa-4350 [No Types Assigned]



Quick Info

CVE Dictionary Entry: CVE-2018-19788
NVD Published Date: 12/03/2018
NVD Last Modified: 08/06/2019
Source: MITRE

