CVE-2011-1485

Publication date 19 April 2011

Last updated 24 July 2024

Ubuntu priority

Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
policykit-1	10.10 maverick	Fixed 0.96-2ubuntu1.1
	10.04 LTS lucid	Fixed 0.96-2ubuntu0.1
	9.10 karmic	Fixed 0.94-1ubuntu1.1
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

Notes

kees

older "policykit" package lacks "pkexec" entirely.

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-1117-1
PolicyKit vulnerability
19 April 2011

Other references

https://www.cve.org/CVERecord?id=CVE-2011-1485