VYPR
Unrated severity · NVD Advisory · Published Nov 13, 2019 · Updated Aug 7, 2024

CVE-2010-4664

Description

In ConsoleKit before 0.4.2, an intended security policy restriction bypass was found. This flaw allows an authenticated system user to escalate their privileges by initiating a remote VNC session.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

ConsoleKit before 0.4.2 allows authenticated users to bypass policy restrictions and escalate privileges via a remote VNC session.

Vulnerability

ConsoleKit before version 0.4.2 contains a security policy restriction bypass. ConsoleKit incorrectly treats VNC sessions that originate from a remote host as local sessions, allowing an authenticated system user to bypass intended policy restrictions [1][2]. Affected versions include those shipped with Fedora 11, 12, 13, and Red Hat Enterprise Linux 6 [2].

Exploitation

An attacker must have valid system authentication and the ability to initiate a remote VNC session. When the user connects via VNC from a remote host, ConsoleKit misidentifies the session as local, thereby granting the user membership in a more privileged policy group [2]. No additional user interaction or race condition is required beyond establishing the VNC connection.

Impact

Successful exploitation allows an authenticated user to escalate their privileges, becoming a member of a more privileged policy group. This can lead to unauthorized actions beyond the user's intended permissions, potentially compromising system confidentiality, integrity, or availability depending on the privileges gained [1][2].

Mitigation

The fix is included in ConsoleKit version 0.4.2 and later [1][3]. Users should upgrade to ConsoleKit 0.4.2 or newer. For affected distributions, updates were provided by vendors (e.g., Red Hat, Debian) [2][3]. No workaround is documented; upgrading is the recommended mitigation.
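
A defender-side check for the condition described above, as an added example that is not part of the advisory or of ConsoleKit: it parses text in the `ck-list-sessions` property layout and flags sessions that are marked local yet name a remote host or have an X display with no local display device. The sample text is constructed, and the flagging heuristic is an assumption of this example, not the logic of the 0.4.2 fix.

```python
import re

# Constructed sample in the layout printed by ck-list-sessions (not real output).
SAMPLE = """\
Session1:
    unix-user = '1000'
    x11-display = ':0'
    x11-display-device = '/dev/tty7'
    remote-host-name = ''
    is-local = TRUE
Session2:
    unix-user = '1001'
    x11-display = ':1'
    x11-display-device = ''
    remote-host-name = ''
    is-local = TRUE
Session3:
    unix-user = '1002'
    x11-display = ''
    x11-display-device = ''
    remote-host-name = 'host.example'
    is-local = FALSE
"""

def parse_sessions(text):
    """Return {session_id: {property: value}} parsed from ck-list-sessions text."""
    sessions, current = {}, None
    for line in map(str.strip, text.splitlines()):
        head = re.fullmatch(r"(\S+):", line)
        prop = re.fullmatch(r"([\w-]+) = (.*)", line)
        if head:
            current = sessions.setdefault(head.group(1), {})
        elif prop and current is not None:
            current[prop.group(1)] = prop.group(2).strip("'")
    return sessions

def suspicious_local(sessions):
    # Assumed heuristic (not from the advisory): a session marked local should not
    # name a remote host, and its X display should sit on a local device (a VT).
    flagged = []
    for sid, p in sessions.items():
        if p.get("is-local") != "TRUE":
            continue
        headless_x = bool(p.get("x11-display")) and not p.get("x11-display-device")
        if p.get("remote-host-name") or headless_x:
            flagged.append(sid)
    return flagged

if __name__ == "__main__":
    print(suspicious_local(parse_sessions(SAMPLE)))
```

On a live host, pass the captured output of `ck-list-sessions` to `parse_sessions` in place of `SAMPLE`; a flagged session is a prompt to review how that session was started, not proof of the flaw.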

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2

References

3
