CVE-2019-6133 - log back

CVE-2019-6133 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Local
Type
+ Authentication bypass
Description
+ In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.
References
+ https://gitlab.freedesktop.org/polkit/polkit/commit/c898fdf4b1aafaa04f8ada9d73d77c8bb76e2f81#0cf68d1183ea5299db7cd71b8377fa3d29e1a63e
Notes