Upstream information

CVE-2008-1658 at MITRE

Description

Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.6
Vector AV:L/AC:L/Au:N/C:P/I:P/A:P
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entry: 375832 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • PolicyKit >= 0.9-14.34.9
  • PolicyKit-32bit >= 0.9-14.34.9
  • PolicyKit-doc >= 0.9-14.34.11
  • PolicyKit-x86 >= 0.9-14.34.9
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA PolicyKit
SUSE Linux Enterprise Server 11 SP2
  • PolicyKit >= 0.9-14.39.1
  • PolicyKit-32bit >= 0.9-14.39.1
  • PolicyKit-doc >= 0.9-14.39.2
  • PolicyKit-x86 >= 0.9-14.39.1
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA PolicyKit
SUSE Linux Enterprise Server 11 SP3
  • PolicyKit >= 0.9-14.41.1
  • PolicyKit-32bit >= 0.9-14.41.1
  • PolicyKit-doc >= 0.9-14.39.2
  • PolicyKit-x86 >= 0.9-14.41.1
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA PolicyKit
SUSE Linux Enterprise Server 11 SP4
  • PolicyKit >= 0.9-14.43.1
  • PolicyKit-32bit >= 0.9-14.43.1
  • PolicyKit-doc >= 0.9-14.43.1
  • PolicyKit-x86 >= 0.9-14.43.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA PolicyKit
SUSE Linux Enterprise Software Development Kit 11 SP4
  • PolicyKit-devel >= 0.9-14.43.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA PolicyKit-devel