Integer overflow in the authenticationagentnew_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libpolkit-backend-1-dev": "0.105-4ubuntu3.14.04.2", "gir1.2-polkit-1.0": "0.105-4ubuntu3.14.04.2", "libpolkit-gobject-1-dev": "0.105-4ubuntu3.14.04.2", "libpolkit-agent-1-dev": "0.105-4ubuntu3.14.04.2", "libpolkit-gobject-1-0": "0.105-4ubuntu3.14.04.2", "libpolkit-gobject-1-0-dbgsym": "0.105-4ubuntu3.14.04.2", "libpolkit-agent-1-0-dbgsym": "0.105-4ubuntu3.14.04.2", "policykit-1-dbgsym": "0.105-4ubuntu3.14.04.2", "libpolkit-backend-1-0": "0.105-4ubuntu3.14.04.2", "libpolkit-agent-1-0": "0.105-4ubuntu3.14.04.2", "policykit-1-doc": "0.105-4ubuntu3.14.04.2", "libpolkit-backend-1-0-dbgsym": "0.105-4ubuntu3.14.04.2", "policykit-1": "0.105-4ubuntu3.14.04.2" } ] }