The authenticationagentnew function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer dereference and polkitd daemon crash) by calling RegisterAuthenticationAgent with an invalid object path.
{ "binaries": [ { "binary_name": "gir1.2-polkit-1.0", "binary_version": "0.105-4ubuntu3.14.04.2" }, { "binary_name": "libpolkit-agent-1-0", "binary_version": "0.105-4ubuntu3.14.04.2" }, { "binary_name": "libpolkit-agent-1-0-dbgsym", "binary_version": "0.105-4ubuntu3.14.04.2" }, { "binary_name": "libpolkit-agent-1-dev", "binary_version": "0.105-4ubuntu3.14.04.2" }, { "binary_name": "libpolkit-backend-1-0", "binary_version": "0.105-4ubuntu3.14.04.2" }, { "binary_name": "libpolkit-backend-1-0-dbgsym", "binary_version": "0.105-4ubuntu3.14.04.2" }, { "binary_name": "libpolkit-backend-1-dev", "binary_version": "0.105-4ubuntu3.14.04.2" }, { "binary_name": "libpolkit-gobject-1-0", "binary_version": "0.105-4ubuntu3.14.04.2" }, { "binary_name": "libpolkit-gobject-1-0-dbgsym", "binary_version": "0.105-4ubuntu3.14.04.2" }, { "binary_name": "libpolkit-gobject-1-dev", "binary_version": "0.105-4ubuntu3.14.04.2" }, { "binary_name": "policykit-1", "binary_version": "0.105-4ubuntu3.14.04.2" }, { "binary_name": "policykit-1-dbgsym", "binary_version": "0.105-4ubuntu3.14.04.2" }, { "binary_name": "policykit-1-doc", "binary_version": "0.105-4ubuntu3.14.04.2" } ], "availability": "No subscription required", "ubuntu_priority": "low" }