polkit

Page content
  • Author: Miklos Vajna
  • Vulnerable: 0.96-2
  • Unaffected: 0.96-3locris1

A weakness has been reported in PolicyKit, which can be exploited by malicious, local users to disclose certain system information. The weakness is caused due to the “pkexec” utility returning different results depending on the existence of files, which can be exploited to e.g. determine if a file exists in a restricted directory.

CVEs: