CVE-2015-4625 | Vulnerability Database | Aqua Security

Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.

Affected Software

Name	Vendor	Start Version	End Version
Fedora	Fedoraproject	21 (including)	21 (including)
Fedora	Fedoraproject	22 (including)	22 (including)
Opensuse	Opensuse	13.1 (including)	13.1 (including)
Opensuse	Opensuse	13.2 (including)	13.2 (including)

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161721.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162294.html
http://lists.freedesktop.org/archives/polkit-devel/2015-July/000432.html
http://lists.freedesktop.org/archives/polkit-devel/2015-June/000427.html
http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00010.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00042.html
http://www.openwall.com/lists/oss-security/2015/06/08/3
http://www.openwall.com/lists/oss-security/2015/06/09/1
http://www.openwall.com/lists/oss-security/2015/06/16/21
http://www.securityfocus.com/bid/75267
http://www.securitytracker.com/id/1035023

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-4625
CWE	https://cwe.mitre.org/data/definitions/189.html