{ "document": { "aggregate_severity": { "text": "Medium" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/ubuntu16.04els/vex/2018/cve-2018-1116-els_os-ubuntu16_04els.json" } ], "tracking": { "current_release_date": "2026-04-24T11:42:30Z", "generator": { "date": "2026-04-24T11:42:30Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2018-1116-ELS_OS-UBUNTU16.04ELS", "initial_release_date": "2018-07-10T19:29:00Z", "revision_history": [ { "date": "2018-07-10T19:29:00Z", "number": "1", "summary": "Initial version" }, { "date": "2026-04-20T15:28:25Z", "number": "2", "summary": "Official Publication" }, { "date": "2026-04-24T11:42:30Z", "number": "3", "summary": "Update document" } ], "status": "final", "version": "3" }, "title": "Security update on CVE-2018-1116" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Ubuntu 16.04", "product": { "name": "Ubuntu 16.04", "product_id": "Ubuntu-16", "product_identification_helper": { "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" } } } ], "category": "product_family", "name": "Ubuntu" }, { "branches": [ { "category": "product_version", "name": "libpolkit-agent-1-dev-0:0.105-14.1ubuntu0.5.amd64", "product": { "name": "libpolkit-agent-1-dev-0:0.105-14.1ubuntu0.5.amd64", "product_id": "libpolkit-agent-1-dev-0:0.105-14.1ubuntu0.5.amd64", "product_identification_helper": { "purl": "pkg:deb/ubuntu/libpolkit-agent-1-dev@0.105-14.1ubuntu0.5?arch=amd64" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Canonical Ltd." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "libpolkit-agent-1-dev-0:0.105-14.1ubuntu0.5+tuxcare.els1.amd64", "product": { "name": "libpolkit-agent-1-dev-0:0.105-14.1ubuntu0.5+tuxcare.els1.amd64", "product_id": "libpolkit-agent-1-dev-0:0.105-14.1ubuntu0.5+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/libpolkit-agent-1-dev@0.105-14.1ubuntu0.5%2Btuxcare.els1?arch=amd64" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libpolkit-agent-1-dev-0:0.105-14.1ubuntu0.5+tuxcare.els1.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libpolkit-agent-1-dev-0:0.105-14.1ubuntu0.5+tuxcare.els1.amd64" }, "product_reference": "libpolkit-agent-1-dev-0:0.105-14.1ubuntu0.5+tuxcare.els1.amd64", "relates_to_product_reference": "Ubuntu-16" }, { "category": "default_component_of", "full_product_name": { "name": "libpolkit-agent-1-dev-0:0.105-14.1ubuntu0.5.amd64 as a component of Ubuntu 16.04", "product_id": "Ubuntu-16:libpolkit-agent-1-dev-0:0.105-14.1ubuntu0.5.amd64" }, "product_reference": "libpolkit-agent-1-dev-0:0.105-14.1ubuntu0.5.amd64", "relates_to_product_reference": "Ubuntu-16" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-1116", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "notes": [ { "category": "description", "text": "A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "known_affected": [ "Ubuntu-16:libpolkit-agent-1-dev-0:0.105-14.1ubuntu0.5+tuxcare.els1.amd64", "Ubuntu-16:libpolkit-agent-1-dev-0:0.105-14.1ubuntu0.5.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2018-1116" }, { "category": "external", "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1116", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1116" }, { "category": "external", "summary": "https://cgit.freedesktop.org/polkit/commit/?id=bc7ffad5364", "url": "https://cgit.freedesktop.org/polkit/commit/?id=bc7ffad5364" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2018/07/msg00042.html", "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00042.html" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201908-14", "url": "https://security.gentoo.org/glsa/201908-14" }, { "category": "external", "summary": "https://usn.ubuntu.com/3717-2/", "url": "https://usn.ubuntu.com/3717-2/" } ], "release_date": "2018-07-10T19:29:00Z", "remediations": [ { "category": "no_fix_planned", "details": "This is a local-only flaw in polkitd that at worst lets a low-privileged user trigger or probe another user’s authentication prompts, causing limited information disclosure and minor denial of service; it does not provide any path to privilege escalation or integrity compromise. Meaningful impact depends on an active user session with a running polkit authentication agent; on headless or server VM deployments without such agents by default, the effect is negligible. Because it only affects polkit versions prior to 0.116 and has been addressed upstream since 2018, and given the low-impact (C:L/I:N/A:L) characteristics, it can be safely deprioritized.", "product_ids": [ "Ubuntu-16:libpolkit-agent-1-dev-0:0.105-14.1ubuntu0.5+tuxcare.els1.amd64", "Ubuntu-16:libpolkit-agent-1-dev-0:0.105-14.1ubuntu0.5.amd64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "products": [ "Ubuntu-16:libpolkit-agent-1-dev-0:0.105-14.1ubuntu0.5+tuxcare.els1.amd64", "Ubuntu-16:libpolkit-agent-1-dev-0:0.105-14.1ubuntu0.5.amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }