AsiaVM
Poster 2.0
Excuse me, sir,
PoC script: https://github.com/arthepsy/CVE-2021-4034
Let's get straight to it so everyone can patch their own servers: a bug affecting all Linux distros; through this bug a regular user can become root.
Demonstration video from the author
Full explanation
PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034) | Qualys Security Blog
The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution.
blog.qualys.com
Linux system service polkit has make-me-root security flaw
What happens when argc is zero and a SUID program doesn't care? Let's find out!
www.theregister.com
Patch it like this for now while waiting for the official update
Code:
# chmod 0755 /usr/bin/pkexec
Example PoC
Code:
[user@centos ~]$ grep PRETTY /etc/os-release
PRETTY_NAME="CentOS Linux 7 (Core)"
[user@centos ~]$ id
uid=11000(user) gid=11000(user) groups=11000(user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[user@centos ~]$ gcc cve-2021-4034-poc.c -o cve-2021-4034-poc
[user@centos ~]$ ./cve-2021-4034-poc
sh-4.2# id
uid=0(root) gid=0(root) groups=0(root),11000(user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
sh-4.2# exit
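
Added example, not part of the original post: a small shell check that the temporary mitigation above (`chmod 0755 /usr/bin/pkexec`) is actually in effect, meaning the setuid bit is gone. The function names `suid_state` and `audit_pkexec` are made up for this example; the only path taken from the post is `/usr/bin/pkexec`.

```shell
#!/bin/sh
# Added example (not from the original post): audit whether pkexec
# still carries the setuid bit that the chmod 0755 mitigation removes.

# suid_state PATH -> prints one of: missing | suid | nosuid
suid_state() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ -u "$1" ]; then      # -u is true when the setuid bit is set
        echo suid
    else
        echo nosuid
    fi
}

# audit_pkexec [PATH...] -> returns 0 if no listed path is setuid, 1 otherwise.
# With no arguments it checks the path used in the post.
audit_pkexec() {
    [ "$#" -gt 0 ] || set -- /usr/bin/pkexec
    rc=0
    for p in "$@"; do
        state=$(suid_state "$p")
        case "$state" in
            suid)
                echo "NOT MITIGATED: $p is still setuid (fix: chmod 0755 $p)"
                rc=1 ;;
            nosuid)
                echo "OK: $p has no setuid bit" ;;
            missing)
                echo "SKIP: $p not present" ;;
        esac
    done
    return "$rc"
}
```

Source the file and run `audit_pkexec` on each host; a non-zero return means the mitigation is missing. With the setuid bit removed, pkexec can no longer elevate privileges for legitimate users until the distribution's fixed package is installed and the mode restored.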