polkit_project polkit 授权机制不正确

admin

0
文章

0
评论

2023-11-30 09:03:36 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

中危 polkit_project polkit 授权机制不正确

CVE编号

CVE-2021-3560

利用情况

EXP 已公开

补丁情况

官方补丁

披露时间

2022-02-17

漏洞描述

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html
http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html
https://bugzilla.redhat.com/show_bug.cgi?id=1961710
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	polkit_project	polkit	*		Up to (excluding) 0.119
	运行在以下环境
	应用	redhat	openshift_container_platform	4.7	-
	运行在以下环境
	应用	redhat	virtualization	4.0	-
	运行在以下环境
	应用	redhat	virtualization_host	4.0	-
	运行在以下环境
	系统	alibaba_cloud_linux_2.1903	java-11-openjdk-demo	*		Up to (excluding) 1.8.0.312.b07-1.1.al7
	运行在以下环境
	系统	alpine_3.14	polkit	*		Up to (excluding) 0.119-r0
	运行在以下环境
	系统	alpine_3.15	polkit	*		Up to (excluding) 0.119-r0
	运行在以下环境
	系统	alpine_3.16	polkit	*		Up to (excluding) 0.119-r0
	运行在以下环境
	系统	alpine_3.17	polkit	*		Up to (excluding) 0.119-r0
	运行在以下环境
	系统	alpine_3.18	polkit	*		Up to (excluding) 0.119-r0
	运行在以下环境
	系统	alpine_edge	polkit	*		Up to (excluding) 0.119-r0
	运行在以下环境
	系统	amazon_2	mariadb	*		Up to (excluding) 11.0.13+8-1.amzn2
	运行在以下环境
	系统	amazon_2022	mariadb105	*		Up to (excluding) 10.5.16-1.amzn2022.0.4
	运行在以下环境
	系统	amazon_2023	mariadb105	*		Up to (excluding) 10.5.16-1.amzn2023.0.7
	运行在以下环境
	系统	amazon_AMI	java-1.8.0-openjdk	*		Up to (excluding) 1.8.0-openjdk-debuginfo-1.8.0.312.b07-0.65.amzn1
	运行在以下环境
	系统	anolis_os_8	polkit	*		Up to (excluding) 25.3.34-4
	运行在以下环境
	系统	anolis_os_8.2	polkit	*		Up to (excluding) 11.0.13.0.8-1
	运行在以下环境
	系统	centos_7	java	*		Up to (excluding) 1.8.0.312.b07-1.el7_9
	运行在以下环境
	系统	centos_8	polkit-libs-debuginfo	*		Up to (excluding) 1.8.0.312.b07-1.el8_4
	运行在以下环境
	系统	debian_10	policykit-1	*		Up to (excluding) 0.105-25+deb10u1
	运行在以下环境
	系统	debian_11	policykit-1	*		Up to (excluding) 0.105-31
	运行在以下环境
	系统	debian_12	policykit-1	*		Up to (excluding) 0.105-31
	运行在以下环境
	系统	debian_sid	policykit-1	*		Up to (excluding) 0.105-31
	运行在以下环境
	系统	fedora_33	polkit-libs	*		Up to (excluding) 1.8.0.312.b07-1.fc33
	运行在以下环境
	系统	fedora_33_Modular	mysql	*		Up to (excluding) 8.0-3320211031142409.601d93de
	运行在以下环境
	系统	fedora_34	polkit-debugsource	*		Up to (excluding) 1.8.0.312.b07-1.fc34
	运行在以下环境
	系统	fedora_34_Modular	mysql	*		Up to (excluding) 10.5-3420211202132324.058368ca
	运行在以下环境
	系统	fedora_35	community-mysql-libs-debuginfo	*		Up to (excluding) 1.8.0.312.b07-1.fc35
	运行在以下环境
	系统	fedora_35_Modular	mysql	*		Up to (excluding) 10.4-3520220717092835.f27b74a8
	运行在以下环境
	系统	fedora_EPEL_7	java-latest-openjdk-javadoc	*		Up to (excluding) 17.0.1.0.12-1.rolling.el7
	运行在以下环境
	系统	fedora_EPEL_8	java-latest-openjdk-headless-slowdebug-debuginfo	*		Up to (excluding) 17.0.1.0.12-3.rolling.el8
	运行在以下环境
系统	kylinos_aarch64_V10	java-11-openjdk	*		Up to (excluding) 11.0.17.8-1.ky10
运行在以下环境
系统	kylinos_aarch64_V10SP1	polkit	*		Up to (excluding) 11.0.17.8-1.ky10
运行在以下环境
系统	kylinos_aarch64_V10SP2	java-11-openjdk	*		Up to (excluding) 11.0.16.8-1.ky10
运行在以下环境
系统	kylinos_aarch64_V10SP3	java-11-openjdk	*		Up to (excluding) 11.0.17.8-1.ky10
运行在以下环境
系统	kylinos_loongarch64_V10SP3	java-11-openjdk	*		Up to (excluding) 11.0.17.0.8-11.3.0.a.ky10
运行在以下环境
系统	kylinos_x86_64_V10	java-11-openjdk	*		Up to (excluding) 11.0.17.8-1.ky10
运行在以下环境
系统	kylinos_x86_64_V10SP1	polkit	*		Up to (excluding) 11.0.17.8-1.ky10
运行在以下环境
系统	kylinos_x86_64_V10SP2	java-11-openjdk	*		Up to (excluding) 11.0.16.8-1.ky10
运行在以下环境
系统	kylinos_x86_64_V10SP3	java-11-openjdk	*		Up to (excluding) 11.0.17.8-1.ky10
运行在以下环境
系统	opensuse_Leap_15.2	polkit-doc	*		Up to (excluding) 11.0.13.0-lp152.2.21.2
运行在以下环境
系统	opensuse_Leap_15.3	polkit-doc	*		Up to (excluding) 11.0.13.0-3.65.1
运行在以下环境
系统	oracle_7	oraclelinux-release	*		Up to (excluding) 1.8.0.312.b07-1.el7_9
运行在以下环境
系统	oracle_8	oraclelinux-release	*		Up to (excluding) 17.0.1.0.12-2.el8_5
运行在以下环境
系统	redhat_7	java-1.8.0-openjdk	*		Up to (excluding) 1.8.0-ibm-1.8.0.7.5-1jpp.1.el7
运行在以下环境
系统	redhat_8	polkit-libs-debuginfo	*		Up to (excluding) 1.8.0.312.b07-1.el8_4
运行在以下环境
系统	suse_12_SP5	typelib-1_0-Polkit-1_0	*		Up to (excluding) 1.7.0.321-43.53.2
运行在以下环境
系统	ubuntu_18.04.5_lts	mysql-5.7	*		Up to (excluding) 5.7.36-0ubuntu0.18.04.1
运行在以下环境
系统	ubuntu_20.04	policykit-1	*		Up to (excluding) 0.105-26ubuntu1.1
运行在以下环境
系统	ubuntu_21.04	policykit-1	*		Up to (excluding) 0.105-30ubuntu0.1
运行在以下环境
系统	ubuntu_21.10	policykit-1	*		Up to (excluding) 0.105-31
运行在以下环境
系统	ubuntu_22.04	policykit-1	*		Up to (excluding) 0.105-31