CVE-2015-3256 | Vulnerability Database | Aqua Security

PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to javascript rule evaluation.

Affected Software

Name	Vendor	Start Version	End Version
Polkit	Polkit_project	*	0.112 (including)
Red Hat Enterprise Linux 7	RedHat	polkit-0:0.112-6.el7_2	*
Policykit-1	Ubuntu	upstream	*

References

http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html
http://rhn.redhat.com/errata/RHSA-2016-0189.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/77356
http://www.securitytracker.com/id/1035023
https://bugzilla.redhat.com/show_bug.cgi?id=1245684
http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html
http://rhn.redhat.com/errata/RHSA-2016-0189.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.securityfocus.com/bid/77356
http://www.securitytracker.com/id/1035023
https://bugzilla.redhat.com/show_bug.cgi?id=1245684

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-3256
CWE	https://cwe.mitre.org/data/definitions/264.html