Local privilege escalation root exploit for Polkit's pkexec vulnerability as described in CVE-2021-4034 and known as PwnKit. Written in Go.
55be64db4ee1fc4cb9ff1188b66c70af217b5dc74fb821becc08afd02c1fcfb7Local privilege escalation root exploit for Polkit's pkexec vulnerability as described in CVE-2021-4034. Verified on Debian 10 and CentOS 7. Written in C.
5c59fb8b51079e3f956e9fcbe1974b3cbb587b1887064897119332a9ecf3f86aQualys discovered a local privilege escalation (from any user to root) in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution.
23ec1cb3b1b5fe5409bb892ba3ae31bb746e06cafdf7afafd72fd7d4b136ebbaUbuntu Security Notice 5193-2 - USN-5193-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled certain inputs. An attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code and escalate privileges.
f647bd6ad96702195698bd3fe98e860fce9e487f903f66eba0dbc296be2fd2dbBackdoor.Win32.WinShell.50 malware suffers from a weak hardcoded password vulnerability.
374ae6f411437c6fa9b4bd0fa17ceb62f4d56867595083dfbe6aa80e472c8192Red Hat Security Advisory 2022-0268-03 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
a9f87f5a06762c178c55658a6fef0a7d94e028717d2ce5d94c107b238bf47cfcRed Hat Security Advisory 2022-0274-03 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
548fadacf93c44ebc15698f3f822dde1f845e3359ed0a28001bdc133d2f8c554Red Hat Security Advisory 2022-0273-02 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
47c9d8f3774f382cfb38f6bfed9e2907e70621b5e76947577413751c05df7a23Red Hat Security Advisory 2022-0265-03 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
73296ae14deafa46ce26a28f5089ea309cccb8ed7de0327936e8bb72916a3bb8Red Hat Security Advisory 2022-0270-02 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
1ede8810b37e1f1f44033f95003511cbef0e5d69354292160fa97e114e21ce82Red Hat Security Advisory 2022-0272-02 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
8e9c44932ee901d04d61029e5d1946ac669fb1cc8da6881a2c39a1ff09fe04c1Red Hat Security Advisory 2022-0269-02 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
e87f8fb1ef2d05300f7dc746f062ea6c1daab30b2ccdb6df9ab0795e937cfb1fRed Hat Security Advisory 2022-0271-02 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
c250e06b78505dfc5b8703f988b3545cbd7c2514893744b5a48347b79fb822e1Red Hat Security Advisory 2022-0267-03 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
9d13348d38f51f7f741becfd0f2c51c4a05486781603e7bad71b3d5458c89f14Red Hat Security Advisory 2022-0266-03 - The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Issues addressed include a privilege escalation vulnerability.
416b0ce88d59daa86ecf0d4a0b3fb1d6022dcbd06afb45c08fbd65efc47aaf59Ubuntu Security Notice 5252-2 - USN-5252-1 fixed a vulnerability in policykit-1. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that the PolicyKit pkexec tool incorrectly handled command-line arguments. A local attacker could use this issue to escalate privileges to an administrator.
79a191fdbd33ee59aec27cc1d4a478496d2ddddd45407287c0e521542987a2f6Ubuntu Security Notice 5252-1 - It was discovered that the PolicyKit pkexec tool incorrectly handled command-line arguments. A local attacker could use this issue to escalate privileges to an administrator.
b130c1c4ae73d3ee637fcfad0d7821db62540cca3e8dce5f04de67cd84030b3eRed Hat Security Advisory 2022-0236-04 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a code execution vulnerability.
3e5a6bec35c6856aa056bb4ac5262b34cdac38f80ac88be73be24efc217c752cRed Hat Security Advisory 2022-0258-02 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a buffer overflow vulnerability.
84978a26c8f91408ff21f51246cdfe63707f797d09b7ce7c513fa0cab885efd9Red Hat Security Advisory 2022-0260-03 - A highly-available key value store for shared configuration.
1179f48badb122645d2f1b7fe6774a9038543b81175c4916c2a4d6637a588c7cLocal privilege escalation root exploit for Polkit's pkexec vulnerability as described in CVE-2021-4034 and known as PwnKit.
12d83236acbffaf0f0962a4bba1234b4a0a9221ec6681b9ef274c6a8a414398cThis Metasploit module exploits an unauthenticated SQL injection vulnerability and a command injection vulnerability affecting the Grandstream UCM62xx IP PBX series of devices. The vulnerabilities allow an unauthenticated remote attacker to execute commands as root.
4066544895b5150487b562aeb10cbead4ed40ccc1b2880b31c05f426293dbef2Ubuntu Security Notice 5250-2 - USN-5250-1 fixed a vulnerability in strongSwan. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Zhuowei Zhang discovered that stringSwan incorrectly handled EAP authentication. A remote attacker could use this issue to cause strongSwan to crash, resulting in a denial of service, or possibly bypass client and server authentication.
1d22e7fac1daa8e5ea3208097eff6521c29300f346c371e518e83be99e27adfbEthercreative Logs plugin versions 3.0.3 and below for Craft CMS suffer from a path traversal vulnerability.
87f572c315e9b125698a490498f1baf715e21bedd53fb3675102015ce8c2e3baRed Hat Security Advisory 2022-0246-04 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.
ac685f0ee1416a81c17a3920f8990f34fd0bed2044d014166ed19445dfeee9de
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed