Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2022-0037)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2022.0037

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2022-0037)

Resumen: The remote host is missing an update for the 'polkit' package(s) announced via the MGASA-2022-0037 advisory.

Descripción: Summary:
The remote host is missing an update for the 'polkit' package(s) announced via the MGASA-2022-0037 advisory.

Vulnerability Insight:
A local privilege escalation vulnerability was found on polkit's pkexec
utility. The pkexec application is a setuid tool designed to allow unprivileged
users to run commands as privileged users according predefined policies. The
current version of pkexec doesn't handle the calling parameters count correctly
and ends trying to execute environment variables as commands. An attacker can
leverage this by crafting environment variables in such a way it'll induce
pkexec to execute arbitrary code. When successfully executed the attack can
cause a local privilege escalation given unprivileged users administrative
rights on the target machine (CVE-2021-4034).

Affected Software/OS:
'polkit' package(s) on Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2021-4034
https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/
http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
https://bugzilla.redhat.com/show_bug.cgi?id=2025869
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
https://www.starwindsoftware.com/security/sw-20220818-0001/
https://www.suse.com/support/kb/doc/?id=000020564

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2022.0037
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2022-0037)
Resumen:	The remote host is missing an update for the 'polkit' package(s) announced via the MGASA-2022-0037 advisory.
Descripción:	Summary: The remote host is missing an update for the 'polkit' package(s) announced via the MGASA-2022-0037 advisory. Vulnerability Insight: A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine (CVE-2021-4034). Affected Software/OS: 'polkit' package(s) on Mageia 8. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2021-4034 https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/ http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html https://access.redhat.com/security/vulnerabilities/RHSB-2022-001 https://bugzilla.redhat.com/show_bug.cgi?id=2025869 https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt https://www.starwindsoftware.com/security/sw-20220818-0001/ https://www.suse.com/support/kb/doc/?id=000020564
Copyright	Copyright (C) 2022 Greenbone AG