INQUIRY: How soon can we expect to get resolution for bug fix CVE-2018-19788


Hi,

I am trying to find out how quickly we can get a patch with the bug fix for a well-published serious problem on Linux, which affects RHEL systems as well.

The methods to abuse it are easily found all over the internet.

The issue is tracked as CVE-2018-19788:

https://access.redhat.com/security/cve/cve-2018-19788

Basically, if anybody creates a username with a UID higher than INT_MAX (a constant which equals 2147483647), the PolicyKit component will allow that user to execute any systemctl command successfully. For example, as found in many internet searches:

$ systemd-run -t /bin/bash

Regards,

Dusan Baljevic (amateur radio VK2COT)
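
A defensive check for the condition described in the post above, as an added example that is not part of the original post or of any vendor guidance: it lists accounts whose UID is above INT_MAX so they can be reviewed while a polkit fix is pending. The function names and the sample passwd lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find accounts whose UID exceeds INT_MAX (2147483647),
# the condition described for CVE-2018-19788.

INT_MAX=2147483647

# find_high_uids [FILE]
# Reads passwd(5)-format lines from FILE (or stdin when no FILE is given)
# and prints "name:uid" for every account with a UID above INT_MAX.
# A non-numeric UID field is reported as "name:INVALID(<value>)" so that
# malformed entries are surfaced instead of silently skipped.
find_high_uids() {
    awk -F: -v max="$INT_MAX" '
        /^#/ || $0 == "" { next }        # skip comments and blank lines
        $3 !~ /^[0-9]+$/ { printf "%s:INVALID(%s)\n", $1, $3; next }
        ($3 + 0) > (max + 0) { printf "%s:%s\n", $1, $3 }
    ' "${1:--}"
}

# audit_system: run the same check over every account source NSS knows
# about (local files, LDAP, SSSD, ...), not only /etc/passwd.
audit_system() {
    getent passwd | find_high_uids
}

# Constructed sample input: two ordinary accounts, one exactly at INT_MAX
# (not affected by the condition) and two above it.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
edge:x:2147483647:100::/home/edge:/bin/bash
bigone:x:2147483648:100::/home/bigone:/bin/bash
huge:x:4000000000:100::/home/huge:/bin/bash
EOF
}

# Only touch the live system when asked to.
if [ "${1:-}" = "--system" ]; then
    audit_system
fi
```

Run with `--system` to audit the host; with no output, no account source returned a UID above INT_MAX.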
