what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 52 RSS Feed

Files

PolicyKit 0.101 Privilege Escalation
Posted Oct 5, 2011
Authored by zx2c4

PolicyKit versions 0.101 and below local privilege escalation exploit.

tags | exploit, local
advisories | CVE-2011-1485
SHA-256 | 8e1577823139cfa501ce0535ad03ba8172e54feaed9443aab35fb42423be384b

Related Files

Ubuntu Security Notice USN-5304-1
Posted Feb 28, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5304-1 - Kevin Backhouse discovered that PolicyKit incorrectly handled file descriptors. A local attacker could possibly use this issue to cause PolicyKit to crash, resulting in a denial of service.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2021-4115
SHA-256 | d4fe0dc859ca9f481562f7719091c3c6f63d05c071bed985bd5ecb5558850e9c
Debian Security Advisory 5052-1
Posted Jan 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5052-1 - Matthias Gerstner reported that usbview, a USB device viewer, does not properly handle authorization in the PolicyKit policy configuration, which could result in root privilege escalation.

tags | advisory, root
systems | linux, debian
advisories | CVE-2022-23220
SHA-256 | 643051febab856ffac9ccdcc18dff94250a46b8c0bd2687c029cf265641f2a33
Debian Security Advisory 5059-1
Posted Jan 28, 2022
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5059-1 - The Qualys Research Labs discovered a local privilege escalation in PolicyKit's pkexec.

tags | advisory, local
systems | linux, debian
advisories | CVE-2021-4034
SHA-256 | 38f2e8d90a83737701916b27e6b777b3661d2c1e2b053f795a7e9e10527f4081
PolicyKit-1 0.105-31 Privilege Escalation
Posted Jan 27, 2022
Authored by Lance Biggerstaff

PolicyKit-1 version 0.105-31 pkexec local privilege escalation exploit.

tags | exploit, local
advisories | CVE-2021-4034
SHA-256 | e763628c9543e4357ba4d5a9b7e1c341b905fc2157029c0da5fa8c50dd7a3bae
Ubuntu Security Notice USN-5252-2
Posted Jan 26, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5252-2 - USN-5252-1 fixed a vulnerability in policykit-1. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that the PolicyKit pkexec tool incorrectly handled command-line arguments. A local attacker could use this issue to escalate privileges to an administrator.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2021-4034
SHA-256 | 79a191fdbd33ee59aec27cc1d4a478496d2ddddd45407287c0e521542987a2f6
Ubuntu Security Notice USN-5252-1
Posted Jan 26, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5252-1 - It was discovered that the PolicyKit pkexec tool incorrectly handled command-line arguments. A local attacker could use this issue to escalate privileges to an administrator.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2021-4034
SHA-256 | b130c1c4ae73d3ee637fcfad0d7821db62540cca3e8dce5f04de67cd84030b3e
Polkit CVE-2021-3560 Overview
Posted Dec 16, 2021
Authored by Julio Cesar Baltazar Sainz

Whitepaper that gives an overview of the Polkit vulnerability as discussed in CVE-2021-3560. Written in Spanish.

tags | paper
advisories | CVE-2021-3560
SHA-256 | a41b8393ce5c22e793b28b10b8d6c72d64b22b0b06202998991ab9e195b4ef1c
Polkit CVE-2021-3560 Research
Posted Dec 10, 2021
Authored by Tanishq Sharma, Shikhar Saxena, Rushil Saxena

This document covers a vulnerability in policy kit (polkit) used on many Linux distributions, which enables an unprivileged local user to get a privileged shell (root) on the system by manually sending dbus messages to the dbus-daemon, then killing the request before it has been fully processed.

tags | exploit, paper, shell, local, root
systems | linux
advisories | CVE-2021-3560
SHA-256 | ff7bcacb2c7403598821beac18efca74a1f7003754707a0f87aff49223d1293a
Polkit Authentication Bypass / Local Privilege Escalation
Posted Nov 29, 2021
Authored by Sudhanshu Kumar, Rohit Verma, Sonam Nagar

This whitepaper provides an overview of a Polkit authentication bypass vulnerability that allows for local privilege escalation.

tags | exploit, paper, local, bypass
advisories | CVE-2021-3560
SHA-256 | 93e86eaad4a245a57200302487bb9941411bfdb877a212d1a63b777283e5ebdb
Polkit D-Bus Authentication Bypass
Posted Jul 9, 2021
Authored by Spencer McIntyre, jheysel-r7, Kevin Backhouse | Site metasploit.com

A vulnerability exists within the polkit system service that can be leveraged by a local, unprivileged attacker to perform privileged operations. In order to leverage the vulnerability, the attacker invokes a method over D-Bus and kills the client process. This will occasionally cause the operation to complete without being subjected to all of the necessary authentication. The exploit module leverages this to add a new user with a sudo access and a known password. The new account is then leveraged to execute a payload with root privileges.

tags | exploit, local, root
advisories | CVE-2021-3560
SHA-256 | 4a469ac4141ad75d095a953ed9262ad9287b8c479e96a68695a89371d81439eb
Polkit 0.105-26 0.117-2 Privilege Escalation
Posted Jun 15, 2021
Authored by J Smith

Polkit version Polkit 0.105-26 0.117-2 suffers from a local privilege escalation vulnerability.

tags | exploit, local
advisories | CVE-2021-3560
SHA-256 | 89700c7a75c7c7ebb3f47ffc215d09f899edced891a3fb50cd529fb84ddb9603
Ubuntu Security Notice USN-4605-2
Posted Nov 3, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4605-2 - Vaisha Bernard discovered that blueman did not properly sanitize input on the d-bus interface to blueman-mechanism. A local attacker could possibly use this issue to escalate privileges and run arbitrary code or cause a denial of service. While a previous security update fixed the issue, this update provides additional improvements by enabling PolicyKit authentication for privileged commands. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2020-15238
SHA-256 | a002dc8f38994b9b14e4c9d270098dbd18203170e58487b85174d6fd4cf21c4c
Ubuntu Security Notice USN-3934-2
Posted Sep 2, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3934-2 - USN-3934-1 fixed a vulnerability in Policykit. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PolicyKit incorrectly relied on the fork system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations. Various other issues were also addressed.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-6133
SHA-256 | 13db2b49515621a4f2d04fc157919dafa07b9c4e91f83f5c1eb644a170dc9033
Ubuntu Security Notice USN-4037-1
Posted Jun 25, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4037-1 - The policykit-desktop-privileges Startup Disk Creator policy allowed administrative users to overwrite disks. As a security improvement, this operation now requires authentication.

tags | advisory
systems | linux, ubuntu
SHA-256 | c5f3ca2d62880c10f006e915b63814648747d70ea633f8c5229865fda1477d3e
Debian Security Advisory 4428-1
Posted Apr 9, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4428-1 - Jann Horn discovered that the PAM module in systemd insecurely uses the environment and lacks seat verification permitting spoofing an active session to PolicyKit. A remote attacker with SSH access can take advantage of this issue to gain PolicyKit privileges that are normally only granted to clients in an active session on the local console.

tags | advisory, remote, local, spoof
systems | linux, debian
advisories | CVE-2019-3842
SHA-256 | 47de208882b207bd2b8fbff35aeb3e74f10cdff098ac4297f3f5d6f9b2cd6d55
Ubuntu Security Notice USN-3938-1
Posted Apr 9, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3938-1 - Jann Horn discovered that pam_systemd created logind sessions using some parameters from the environment. A local attacker could exploit this in order to spoof the active session and gain additional PolicyKit privileges.

tags | advisory, local, spoof
systems | linux, ubuntu
advisories | CVE-2019-3842
SHA-256 | 04cac38809c24fd6bf8181037a959b4415679aa832a9f2d739d10fbaf31ce2c4
Ubuntu Security Notice USN-3934-1
Posted Apr 3, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3934-1 - It was discovered that PolicyKit incorrectly relied on the fork system call in the Linux kernel being atomic. A local attacker could possibly use this issue to gain access to services that have cached authorizations.

tags | advisory, kernel, local
systems | linux, ubuntu
advisories | CVE-2019-6133
SHA-256 | c8d204f7fe9cea49ee5d807afdb6f7cdfa086127bccf23406e8c8a76fc5ec584
Ubuntu Security Notice USN-3861-2
Posted Jan 17, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3861-2 - USN-3861-1 fixed a vulnerability in PolicyKit. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PolicyKit incorrectly handled certain large user UIDs. A local attacker with a large UID could possibly use this issue to perform privileged actions. Various other issues were also addressed.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-19788
SHA-256 | 7bce7059444c2f41710ef023a65160038dfdc426e06bd8b1626464be80942c89
Ubuntu Security Notice USN-3861-1
Posted Jan 17, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3861-1 - It was discovered that PolicyKit incorrectly handled certain large user UIDs. A local attacker with a large UID could possibly use this issue to perform privileged actions.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-19788
SHA-256 | 4f39441d0bc48e0fc9c968053d5d56332bbbeef25eb9e24fc56c8e836b7f83fb
Debian Security Advisory 4350-1
Posted Dec 7, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4350-1 - It was discovered that incorrect processing of very high UIDs in Policykit, a framework for managing administrative policies and privileges, could result in authentication bypass.

tags | advisory
systems | linux, debian
advisories | CVE-2018-19788
SHA-256 | 4c66302ebf9cfd15b8dd32b77d31e4b78565f776f1eb9f3a42dc3930008b7f0c
Ubuntu Security Notice USN-3717-2
Posted Jul 17, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3717-2 - USN-3717-1 fixed a vulnerability in PolicyKit. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that PolicyKit incorrectly handled certain duplicate action IDs. A local attacker could use this issue to cause PolicyKit to crash, resulting in a denial of service, or possibly escalate privileges. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2015-3255, CVE-2018-1116
SHA-256 | 0e50fe8144849a5cdb19a5c84bfb390d531f53793544abd196d8c4665d9109c3
Ubuntu Security Notice USN-3717-1
Posted Jul 16, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3717-1 - Tavis Ormandy discovered that PolicyKit incorrectly handled certain invalid object paths. A local attacker could possibly use this issue to cause PolicyKit to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that PolicyKit incorrectly handled certain duplicate action IDs. A local attacker could use this issue to cause PolicyKit to crash, resulting in a denial of service, or possibly escalate privileges. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service, local
systems | linux, ubuntu
advisories | CVE-2015-3218, CVE-2015-3255, CVE-2015-4625, CVE-2018-1116
SHA-256 | 7b9aa26f312ac39e4b97279a9cacf1e2c8f625a61c1040cca0bf6077d0dfc716
Ubuntu Security Notice USN-3607-1
Posted Mar 26, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3607-1 - It was discovered that Screen Resolution Extra was using PolicyKit in an unsafe manner. A local attacker could potentially exploit this issue to bypass intended PolicyKit authorizations.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2018-8885
SHA-256 | 1cba5203444f9b97137ee8c0abe70d8653262ffbbce163e3843645d454d09a9b
Red Hat Security Advisory 2016-0189-01
Posted Feb 16, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-0189-01 - PolicyKit is a toolkit for defining and handling authorizations. A denial of service flaw was found in how polkit handled authorization requests. A local, unprivileged user could send malicious requests to polkit, which could then cause the polkit daemon to corrupt its memory and crash. All polkit users should upgrade to these updated packages, which contain a backported patch to correct this issue. The system must be rebooted for this update to take effect.

tags | advisory, denial of service, local
systems | linux, redhat
advisories | CVE-2015-3256
SHA-256 | efad810d366fa419c7f930f6ba0aa4269866952ebe52b208004b87c85c809f77
Desktop Linux Password Stealer / Privilege Escalation
Posted Dec 29, 2014
Authored by Jakob Lell | Site metasploit.com

This Metasploit module steals the user password of an administrative user on a desktop Linux system when it is entered for unlocking the screen or for doing administrative actions using policykit. Then it escalates to root privileges using sudo and the stolen user password. It exploits the design weakness that there is no trusted channel for transferring the password from the keyboard to the actual password verification against the shadow file (which is running as root since /etc/shadow is only readable to the root user). Both screensavers (xscreensaver/gnome-screensaver) and policykit use a component running under the current user account to query for the password and then pass it to a setuid-root binary to do the password verification. Therefore it is possible to inject a password stealer after compromising the user account. Since sudo requires only the user password (and not the root password of the system), stealing the user password of an administrative user directly allows escalating to root privileges. Please note that you have to start a handler as a background job before running this exploit since the exploit will only create a shell when the user actually enters the password (which may be hours after launching the exploit). Using exploit/multi/handler with the option ExitOnSession set to false should do the job.

tags | exploit, shell, root
systems | linux
SHA-256 | 0a9cac7ba17812d5abc36544dbde12e861f70ee5697f577efc23726fdff20564
Page 1 of 3
Back123Next

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close