CVE-2018-19788
NONE EPSS 95.5%
Published Dec 3, 20187y ago ยท Modified Jun 17, 20262w ago
Published Dec 3, 2018 7y ago
Last Modified Jun 17, 2026 2w ago
Description
A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
Threat Intelligence
EPSS Exploit Probability
95.5% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-20 Improper Input Validation Validation
Affected Products 8
References 10
- access.redhat.com https://access.redhat.com/errata/RHSA-2019:2046
- access.redhat.com https://access.redhat.com/errata/RHSA-2019:3232
- bugs.debian.org https://bugs.debian.org/915332
- gitlab.freedesktop.org https://gitlab.freedesktop.org/polkit/polkit/issues/74
- lists.debian.org https://lists.debian.org/debian-lts-announce/2019/01/msg00021.html
- security.gentoo.org https://security.gentoo.org/glsa/201908-14
- security.netapp.com https://security.netapp.com/advisory/ntap-20240816-0001/
- usn.ubuntu.com https://usn.ubuntu.com/3861-1/
- usn.ubuntu.com https://usn.ubuntu.com/3861-2/
- debian.org https://www.debian.org/security/2018/dsa-4350
Remediation
- gitlab.freedesktop.org https://gitlab.freedesktop.org/polkit/polkit/issues/74