VDB
CVE-2011-1485
CVE-2011-1485
PUBLISHED
CVSS 6.900000095367432 MEDIUM
Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.
EPSS 5.54% · 90.4th percentile
Risk Scores
CVSS 2.0
6.900000095367432
EPSS Score
5.54%
90.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| redhat | policykit | 0.96 |
Exploit Intelligence
- CVE-2011-1485 - Published: 2011-04-01 - PolicyKit: (github-poc)
- CVE-2011-1485 - Published: 2011-04-01 - PolicyKit: (github-poc)
- CVE-2011-1485 - Published: 2011-04-01 - PolicyKit: (github-poc)
- CVE-2011-1485 - Published: 2011-04-01 - PolicyKit: (github-poc)
- CIRCL seen: CVE-2011-1485 (circl-sighting)
- CIRCL seen: CVE-2011-1485 (circl-sighting)
- CIRCL seen: CVE-2011-1485 (circl-sighting)
- CIRCL seen: CVE-2011-1485 (circl-sighting)
- FEDORA-2011-5589 (circl)
- 8424 (circl)
…and 14 more exploits
Timeline
- May 31, 2011 CVE Published
- Oct 4, 2011 PoC Published
- Oct 7, 2011 PoC Published
- Oct 18, 2014 PoC Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
References
- RHSA-2011:0455 vendor-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=692922 url
- DSA-2319 vendor-advisory
- 8424 third-party-advisory
- FEDORA-2011-5676 vendor-advisory
- USN-1117-1 vendor-advisory
- FEDORA-2011-5589 vendor-advisory
- GLSA-201204-06 vendor-advisory
- 48817 third-party-advisory
- MDVSA-2011:086 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2011-1485 advisory