LinPEAS - Polkit version detection - with solution
secure-sauce-controller opened this issue · comments
If you are going to suggest something, please remove the following template. - my solution is at the bottom.
Issue description
The current method for detecting the polkit version is detailed below and found in the file 1_system_information.sh:
#-- SY) CVE-2021-3560
polkitVersion=$(systemctl status polkit.service 2>/dev/null | grep version | cut -d " " -f 9)
if [ "$(apt list --installed 2>/dev/null | grep polkit | grep -c 0.105-26)" -ge 1 ] || [ "$(yum list installed 2>/dev/null | grep polkit | grep -c 0.117-2)" -ge 1 ]; then
echo "Vulnerable to CVE-2021-3560" | sed -${E} "s,.*,${SED_RED_YELLOW},"
echo ""
fi
This version detection method did not detect the version for me (specifically on the Hack The Box host 'Paper').
Which parameters did you use for executing the script and how did you execute it?
Just ran the whole of linpeas default.
Is there any AV / Threat protection in the system?
no
Please, indicate the OS, the OS version, and the kernel version (build number in case of Windows)
Linux
OS: Linux version 4.18.0-348.7.1.el8_5.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version 8.5.0 20210514 (Red Hat 8.5.0-4) (GCC)) #1 SMP Wed Dec 22 13:25:12 UTC 2021
Please, indicate the check that is failing and add a screenshot showing the problem
#-- SY) CVE-2021-3560
How did you expect it to work?
Detect the vulnerable polkit version
Potential solution
I have found this command works best to find the vulnerable version, may be good to use this or add this as an additional fail safe check...
rpm -qa | grep -i polkit | grep -i "0.11[3-9]"