PublicDateAtUSN: 2018-03-26
Candidate: CVE-2018-8885
PublicDate: 2018-03-28 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8885
 https://launchpad.net/bugs/1753772
 https://ubuntu.com/security/notices/USN-3607-1
Description:
 screenresolution-mechanism in screen-resolution-extra 0.17.2 does not properly use the PolicyKit D-Bus API, which allows local users to bypass intended access restrictions by leveraging a race condition via a setuid or pkexec process that is mishandled in a PolicyKitService._check_permission call.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: chrisccoulson
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H [7.0 HIGH]

Patches_screen-resolution-extra:
upstream_screen-resolution-extra: needs-triage
precise/esm_screen-resolution-extra: DNE
trusty_screen-resolution-extra: released (0.17.1.1~14.04.1)
trusty/esm_screen-resolution-extra: DNE (trusty was released [0.17.1.1~14.04.1])
xenial_screen-resolution-extra: released (0.17.1.1~16.04.1)
esm-infra/xenial_screen-resolution-extra: released (0.17.1.1~16.04.1)
artful_screen-resolution-extra: released (0.17.1.1)
devel_screen-resolution-extra: released (0.17.3)