Vulnerability Name: CVE-2008-1658 (CCN-41877)

Assigned: 2008-03-22
Published: 2008-03-22
Updated: 2017-08-08
Summary: Format string vulnerability in the grant helper (polkit-grant-helper.c) in PolicyKit 0.7 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in a password.
CVSS v3 Severity: 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
  Attack Vector (AV): Local
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): Low
  Integrity (I): Low
  Availability (A): Low
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
  Access Vector (AV): Local
  Access Complexity (AC): Low
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Partial
Vulnerability Type: CWE-134
Vulnerability Consequences: Gain Access
References:
Source: CCN
Type: Bugzilla - Bug 15295
format string vulnerability in password input

Source: CONFIRM
Type: UNKNOWN
http://bugs.freedesktop.org/show_bug.cgi?id=15295

Source: MITRE
Type: CNA
CVE-2008-1658

Source: CONFIRM
Type: Exploit
http://gitweb.freedesktop.org/?p=PolicyKit.git;a=commitdiff;h=5bc86a14cc0e356bcf8b5f861674f842869b1be7

Source: CCN
Type: SA29755
Fedora update for PolicyKit

Source: SECUNIA
Type: Vendor Advisory
29755

Source: CCN
Type: freedesktop.org Web site
PolicyKit

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:087

Source: CCN
Type: OSVDB ID: 44278
PolicyKit Password Handling Local Format String

Source: BID
Type: Patch
28702

Source: CCN
Type: BID-28702
PolicyKit Grant Helper Password Handling Local Format String Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2008-1254

Source: CCN
Type: Launchpad Bug #205037
policykit or policykit-gnome do not work with passwords containing "%" character

Source: CONFIRM
Type: UNKNOWN
https://bugs.launchpad.net/ubuntu/+source/policykit/+bug/205037

Source: XF
Type: UNKNOWN
policykit-granthelper-format-string(41877)

Source: CCN
Type: FEDORA-2008-2987
[SECURITY] Fedora 8 Update: PolicyKit-0.6-2.fc8

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-2987

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:freedesktop:policykit:0.6:*:*:*:*:*:*:*
  • OR cpe:/a:freedesktop:policykit:*:*:*:*:*:*:*:* (Version <= 0.7)

Configuration CCN 1:
  • cpe:/a:freedesktop:policykit:0.7:*:*:*:*:*:*:*
  • AND
  • cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20081658 | V | CVE-2008-1658 | 2022-05-20