Red Hat Security Advisory 2022-0595-02 - Red Hat Advanced Cluster Management for Kubernetes 2.3.6 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Issues addressed include an information leakage vulnerability.
2598df9c773007328e30775692ba0a74b35fca2f6cdbd52f2b81faf7636ae67b
This is a Metasploit module for the argument processing bug in the polkit pkexec binary that leads to privilege escalation. It leverages the raw C exploit.
1e2f8340bf5c06e18aed602ee5becbfef6a47c0a4897f17f3c055799a62b8410
Red Hat Security Advisory 2022-0735-01 - Red Hat Advanced Cluster Management for Kubernetes 2.4.2 images Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Issues addressed include denial of service, open redirection, privilege escalation, and traversal vulnerabilities.
0f428578537f68dfaf14cf427f755f1edf5314f8b08ecb6c1be275b4a8bd343e
This is a Metasploit module for the argument processing bug in the polkit pkexec binary. If the binary is provided with no arguments, it will continue to process environment variables as argument variables, but without any security checking. By using the execve call we can specify a null argument list and populate the proper environment variables. This exploit is architecture independent.
45168e34096e858ea0c2f1c2c12695c4121ec633a36c09aef6de9a8d95de3371
Red Hat Security Advisory 2022-0492-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.43.
05aecb754e5832077aaa2ae3980ca42cf63ce1fddf63c16a0324164d48232f01
Red Hat Security Advisory 2022-0540-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include buffer overflow, heap overflow, and privilege escalation vulnerabilities.
923f3586648f88116e40f30ce55effbcd7d2b6a803d6888a77b92b4b0e0c6d09
Red Hat Security Advisory 2022-0443-06 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include a privilege escalation vulnerability.
ca9dc528ded1afdaa7e298cf15f4b25a18218f66e889607fe57a1570d7ab9296
Debian Linux Security Advisory 5059-1 - The Qualys Research Labs discovered a local privilege escalation in PolicyKit's pkexec.
38f2e8d90a83737701916b27e6b777b3661d2c1e2b053f795a7e9e10527f4081
Gentoo Linux Security Advisory 202201-1 - A vulnerability in polkit could lead to local root privilege escalation. Versions less than 0.120-r2 are affected.
d11426713b556943aaabfa3a7507c7905257729200bd39fec54ff2e0f803eb1f
PolicyKit-1 version 0.105-31 pkexec local privilege escalation exploit.
e763628c9543e4357ba4d5a9b7e1c341b905fc2157029c0da5fa8c50dd7a3bae
Local privilege escalation root exploit for Polkit's pkexec vulnerability as described in CVE-2021-4034 and known as PwnKit. Written in Go.
55be64db4ee1fc4cb9ff1188b66c70af217b5dc74fb821becc08afd02c1fcfb7
Local privilege escalation root exploit for Polkit's pkexec vulnerability as described in CVE-2021-4034. Verified on Debian 10 and CentOS 7. Written in C.
5c59fb8b51079e3f956e9fcbe1974b3cbb587b1887064897119332a9ecf3f86a
Qualys discovered a local privilege escalation (from any user to root) in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution.
23ec1cb3b1b5fe5409bb892ba3ae31bb746e06cafdf7afafd72fd7d4b136ebba
Red Hat Security Advisory 2022-0268-03 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
a9f87f5a06762c178c55658a6fef0a7d94e028717d2ce5d94c107b238bf47cfc
Red Hat Security Advisory 2022-0274-03 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
548fadacf93c44ebc15698f3f822dde1f845e3359ed0a28001bdc133d2f8c554
Red Hat Security Advisory 2022-0273-02 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
47c9d8f3774f382cfb38f6bfed9e2907e70621b5e76947577413751c05df7a23
Red Hat Security Advisory 2022-0265-03 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
73296ae14deafa46ce26a28f5089ea309cccb8ed7de0327936e8bb72916a3bb8
Red Hat Security Advisory 2022-0270-02 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
1ede8810b37e1f1f44033f95003511cbef0e5d69354292160fa97e114e21ce82
Red Hat Security Advisory 2022-0272-02 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
8e9c44932ee901d04d61029e5d1946ac669fb1cc8da6881a2c39a1ff09fe04c1
Red Hat Security Advisory 2022-0269-02 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
e87f8fb1ef2d05300f7dc746f062ea6c1daab30b2ccdb6df9ab0795e937cfb1f
Red Hat Security Advisory 2022-0271-02 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
c250e06b78505dfc5b8703f988b3545cbd7c2514893744b5a48347b79fb822e1
Red Hat Security Advisory 2022-0267-03 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
9d13348d38f51f7f741becfd0f2c51c4a05486781603e7bad71b3d5458c89f14
Red Hat Security Advisory 2022-0266-03 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
416b0ce88d59daa86ecf0d4a0b3fb1d6022dcbd06afb45c08fbd65efc47aaf59
Ubuntu Security Notice 5252-2 - USN-5252-1 fixed a vulnerability in policykit-1. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that the PolicyKit pkexec tool incorrectly handled command-line arguments. A local attacker could use this issue to escalate privileges to an administrator.
79a191fdbd33ee59aec27cc1d4a478496d2ddddd45407287c0e521542987a2f6
Ubuntu Security Notice 5252-1 - It was discovered that the PolicyKit pkexec tool incorrectly handled command-line arguments. A local attacker could use this issue to escalate privileges to an administrator.
b130c1c4ae73d3ee637fcfad0d7821db62540cca3e8dce5f04de67cd84030b3e