oss-sec mailing list archives
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
From: Dominik Czarnota <dominik.b.czarnota () gmail com>
Date: Wed, 26 Jan 2022 13:54:45 +0100
Hi,

And many other binaries also do things incorrectly:
- https://grep.app/search?q=%3D%201%3B%20n%20%3C%20argc
- https://grep.app/search?q=%3D%201%3B%20.%20%3C%20argc&regexp=true

But most of them are not suid binaries and also do not perform a write into argv[].

Cheers,
Disconnect3d

On Wed, 26 Jan 2022 at 13:52, Matthias Schmidt <oss-sec () xosc org> wrote:

> Hi,
>
> * Qualys Security Advisory wrote:
> > Qualys Security Advisory
> > pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
>
> This was already mentioned in 2013 in a blog post, however, it seems the
> author didn't realize the consequences of their finding:
> https://ryiron.wordpress.com/2013/12/16/argv-silliness/
>
> Cheers
> Matthias
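
An added example, not part of the original post or of any project named in the thread: the loop shape those searches match, next to a guarded form, in C. With an empty argument vector (argc == 0) the unguarded loop leaves its index at 1, past the end of argv; the helper names and sample vectors are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed inputs: an empty argument vector (argc == 0) and a normal one. */
static char *empty_vec[]  = { NULL };
static char *normal_vec[] = { "tool", "-v", "target", NULL };

/* Hypothetical helper with the searched-for loop shape and no guard:
 * returns the index of the first argument that does not start with '-'.
 * With argc == 0 the loop body never runs, so it returns 1, an index
 * beyond the vector (argv[0] is already the NULL terminator). */
static int first_operand_unguarded(int argc, char **argv)
{
    int n;
    for (n = 1; n < argc; n++) {
        if (argv[n][0] != '-')
            break;
    }
    return n;
}

/* Guarded form: reject an empty or malformed vector before indexing it.
 * Returns -1 on rejection, argc when there is no operand, otherwise the
 * operand's index, which is always < argc and safe to read or write. */
static int first_operand_checked(int argc, char **argv)
{
    int n;
    if (argc < 1 || argv == NULL || argv[0] == NULL)
        return -1;
    for (n = 1; n < argc; n++) {
        if (argv[n] == NULL)
            return -1;          /* vector is shorter than argc claims */
        if (argv[n][0] != '-')
            break;
    }
    return n;
}

int main(void)
{
    printf("empty:  unguarded=%d checked=%d\n",
           first_operand_unguarded(0, empty_vec),
           first_operand_checked(0, empty_vec));
    printf("normal: unguarded=%d checked=%d\n",
           first_operand_unguarded(3, normal_vec),
           first_operand_checked(3, normal_vec));
    return 0;
}
```
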