author | Adriaan de Groot <adridg@FreeBSD.org> | 2022-01-26 23:02:41 +0000 |
---|---|---|
committer | Adriaan de Groot <adridg@FreeBSD.org> | 2022-01-26 23:05:01 +0000 |
commit | 7e3378fc941d3710b4d864e3fffa0c78004b0632 (patch) | |
tree | f8e7c0d6482727ef8de5283d0a9b35e139c4b453 | |
parent | 64fde89d49029e00b86e66041f3dfda16725ead7 (diff) | |
security/vuxml: notify polkit local-privilege-escalation

It was unclear if the actual exploit would work on FreeBSD,
since there's no GNU libc which the payload would work on.

The following changes are / have been applied:
- fix in polkit from upstream (from Greg V)
- at kernel level, fixes to disallow argc==0 (from kevans, I think)

PR: 261482
-rw-r--r-- | security/vuxml/vuln-2022.xml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index f0f0d7dd6ca9..7d27bd6cc453 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,32 @@ + <vuln vid="0f8bf913-7efa-11ec-8c04-2cf05d620ecc"> + <topic>polkit -- Local Privilege Escalation</topic> + <affects> + <package> + <name>polkit</name> + <range><lt>0.120_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Qualys reports:</p> + <blockquote cite="https://seclists.org/oss-sec/2022/q1/80"> + <p>We discovered a Local Privilege Escalation (from any user to root) in +polkit's pkexec, a SUID-root program that is installed by default on +every major Linux distribution.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-4034</cvename> + <url>https://seclists.org/oss-sec/2022/q1/80</url> + <freebsdpr>ports/261482</freebsdpr> + </references> + <dates> + <discovery>2022-01-25</discovery> + <entry>2022-01-26</entry> + </dates> + </vuln> + <vuln vid="ccaea96b-7dcd-11ec-93df-00224d821998"> <topic>strongswan - Incorrect Handling of Early EAP-Success Messages</topic> <affects> |
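Review bot: the `<description>` body carries only the Qualys quote, which speaks of pkexec being "installed by default on every major Linux distribution", so a reader of this entry cannot tell how the issue applies to the FreeBSD port. The commit message says exploitability on FreeBSD was unclear and that a kernel-level change disallowing argc==0 is a separate mitigation, but none of that is in the entry itself. Consider adding a short `<p>` after the `</blockquote>` saying that exploitability on FreeBSD was not confirmed and that users should still update past the `<lt>0.120_1</lt>` bound. As a style point, the continuation lines of the quoted paragraph (`+polkit's pkexec, ...` and `+every major Linux distribution.</p>`) have no indentation while every other added line does; confirm that matches how the surrounding entries wrap blockquote text.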