<!--X-Body-Begin-->
<!--X-User-Header-->
oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->
By Date
By Thread
</form>
<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->
From: Dominik Czarnota <dominik.b.czarnota () gmail com>
Date: Wed, 26 Jan 2022 13:54:45 +0100
<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Hi,
And many other binaries also do things incorrectly:
- https://grep.app/search?q=%3D%201%3B%20n%20%3C%20argc
- https://grep.app/search?q=%3D%201%3B%20.%20%3C%20argc&regexp=true
But most of them are not suid binaries and also do not perform a write into
argv[].
Cheers,
Disconnect3d
On Wed, 26 Jan 2022 at 13:52, Matthias Schmidt <oss-sec () xosc org> wrote:
Hi,
* Qualys Security Advisory wrote:
Qualys Security Advisory
pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
This was already mentioned in 2013 in a blog post, however, it seems the
author didn't realize the consequences of their finding:
https://ryiron.wordpress.com/2013/12/16/argv-silliness/
Cheers
Matthias
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
By Date
By Thread
Current thread:
pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Qualys Security Advisory (Jan 25)
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Sam James (Jan 25)
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Roman Medina-Heigl Hernandez (Jan 26)
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Henri Salo (Jan 26)
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Erik Auerswald (Jan 26)
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Chris Boot (Jan 27)
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Matthias Schmidt (Jan 26)
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Dominik Czarnota (Jan 26)
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Kai Lüke (Jan 27)
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Bastian Blank (Jan 27)
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->