CentOS Local Security Checks : CentOS: Security Advisory for polkit (CESA-2022:0274)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.884196

Categoría: CentOS Local Security Checks

Título: CentOS: Security Advisory for polkit (CESA-2022:0274)

Resumen: The remote host is missing an update for the 'polkit'; package(s) announced via the CESA-2022:0274 advisory.

Descripción: Summary:
The remote host is missing an update for the 'polkit'
package(s) announced via the CESA-2022:0274 advisory.

Vulnerability Insight:
The polkit packages provide a component for controlling system-wide
privileges. This component provides a uniform and organized way for
non-privileged processes to communicate with privileged ones.

Security Fix(es):

* polkit: Local privilege escalation in pkexec due to incorrect handling of
argument vector (CVE-2021-4034)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Affected Software/OS:
'polkit' package(s) on CentOS 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-4034
https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/
http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
https://bugzilla.redhat.com/show_bug.cgi?id=2025869
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
https://www.starwindsoftware.com/security/sw-20220818-0001/
https://www.suse.com/support/kb/doc/?id=000020564

Copyright Copyright (C) 2022 Greenbone Networks GmbH

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.884196
Categoría:	CentOS Local Security Checks
Título:	CentOS: Security Advisory for polkit (CESA-2022:0274)
Resumen:	The remote host is missing an update for the 'polkit'; package(s) announced via the CESA-2022:0274 advisory.
Descripción:	Summary: The remote host is missing an update for the 'polkit' package(s) announced via the CESA-2022:0274 advisory. Vulnerability Insight: The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones. Security Fix(es): * polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector (CVE-2021-4034) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Affected Software/OS: 'polkit' package(s) on CentOS 7. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-4034 https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/ http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html https://access.redhat.com/security/vulnerabilities/RHSB-2022-001 https://bugzilla.redhat.com/show_bug.cgi?id=2025869 https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt https://www.starwindsoftware.com/security/sw-20220818-0001/ https://www.suse.com/support/kb/doc/?id=000020564
Copyright	Copyright (C) 2022 Greenbone Networks GmbH