liamg / traitor

:arrow_up: :skull_and_crossbones: :fire: Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock

`polkit:CVE-2021-3560` tweak: clarity with affected versions

petecooper opened this issue · comments

Firstly, thank you for creating and maintaining traitor, it's excellent.

I ran v0.0.8 on a fully-patched (at least as far as apt permits) Ubuntu 20.04 LTS, and got this result:

$ /opt/traitor/traitor


▀█▀ █▀█ ▄▀█ █ ▀█▀ █▀█ █▀█
░█░ █▀▄ █▀█ █ ░█░ █▄█ █▀▄ v0.0.8
https://github.com/liamg/traitor

[+] Assessing machine state...
[+] Checking for opportunities...
[+][polkit:CVE-2021-3560] Polkit version is vulnerable!
[+][polkit:CVE-2021-3560] System is vulnerable! Run again with '--exploit polkit:CVE-2021-3560' to exploit it.

Looking at d3db221 where detection for CVE-2021-3560 was added, v0.105-26 is considered vulnerable:

vulnerable, err := version.NewVersion("0.105-26") // vuln was introduced in 0.105-26

Looking at https://ubuntu.com/security/notices/USN-4980-1, where Ubuntu 20.04 LTS is concerned, that same version number is not vulnerable, and it's actually listed as being the version which addresses CVE-2021-3560.

Given that Ubuntu LTS is a relatively popular choice among server operating systems – and 20.04 is the most recent LTS cut – it might be worth clarifying what versions are affected by CVE-2021-3560 in this case.

Thanks for your consideration.