Polkit Out-of-Memory Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in Polkit. A local user can exploit this issue by sending a specially crafted, excessively long input to the 'polkit-agent-helper-1' setuid binary through standard input. This unbounded input can cause an out-of-memory condition, leading to a denial-of-service situation on the system.

Impact

Exploitation of this vulnerability causes an out-of-memory condition, disrupting normal system operations and potentially causing processes to be terminated or unresponsive.

Reproduction

The vulnerability can be reproduced by executing the 'polkit-agent-helper-1' binary with a long string input piped from a Python command. This input should be crafted to exceed normal length limits, effectively overwhelming the application's memory handling and causing the system to run out of available resources.