Lucene search

3209 matches found

Microsoft CVE
added 2022/01/30 4:0 p.m. | 7 views

A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that pkexec is induced to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine.

7.8 CVSS | 7.3 AI score | 0.88057 EPSS
Exploits: 149

GithubExploit
added 2022/01/29 8:24 p.m. | 315 views

Exploit for Out-of-bounds Write in Polkit_Project Polkit

ez-pwnkit A pure-Go implementation of the CVE-2021-4034 Pwn...

7.8 CVSS | 7.8 AI score | 0.88057 EPSS
Exploits: 149

Prion
added 2022/01/28 8:15 p.m. | 46 views

Privilege escalation

A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters coun...

7.2 CVSS | 8.4 AI score | 0.88057 EPSS
Exploits: 149 | References: 11 | Affected Software: 30

Tenable Nessus
added 2022/01/27 12:0 a.m. | 20 views

Ubuntu 16.04 ESM / 18.04 LTS : shadow vulnerabilities (USN-5254-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5254-1 advisory. It was discovered that shadow incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or expose...

9.8 CVSS | 6.2 AI score | 0.00583 EPSS
Exploits: 1 | References: 3

RedHat Linux
added 2022/01/25 7:7 p.m. | 2 views

polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector

A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters coun...

7.8 CVSS | 7.1 AI score | 0.88057 EPSS
Exploits: 149 | References: 7

RedHat Linux
added 2022/01/25 6:4 p.m. | 2 views

polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector

A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters coun...

7.8 CVSS | 7.1 AI score | 0.88057 EPSS
Exploits: 149 | References: 7

OpenVAS
added 2022/01/21 12:0 a.m. | 7 views

SUSE: Security Advisory (SUSE-SU-2022:0141-1)

The remote host is missing an update for the...

7.5 AI score
Exploits: 0 | References: 2

RedhatCVE
added 2022/01/11 5:24 p.m. | 48 views

CVE-2021-3999

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd in a setuid program could use this flaw to potentially execute...

7.8 CVSS | 2.3 AI score | 0.00848 EPSS
Exploits: 1 | References: 4

Microsoft CVE
added 2021/12/16 8:0 a.m. | 1 views

In NTFS-3G versions < 2021.8.22, a stack buffer overflow can occur when correcting differences in the MFT and MFTMirror, allowing for code execution or escalation of privileges when setuid-root.

7.8 CVSS | 8.5 AI score | 0.00116 EPSS
Exploits: 0

Microsoft CVE
added 2021/12/16 12:0 a.m. | 3 views

An integer underflow issue exists in ntfs-3g 2017.3.23. A local attacker could potentially exploit this by running /bin/ntfs-3g with specially crafted arguments from a specially crafted directory to cause a heap buffer overflow resulting in a crash or the ability to execute arbitrary code. In installations where /bin/ntfs-3g is a setuid-root binary this could lead to a local escalation of privileges.

7 CVSS | 7 AI score | 0.00104 EPSS
Exploits: 0

OSV
added 2021/11/07 6:15 p.m. | 0 views

CVE-2021-43411

An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root...

7.5 CVSS | 7.1 AI score
Exploits: 0 | References: 3

Prion
added 2021/11/07 6:15 p.m. | 16 views

Design/Logic Flaw

An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root...

8.5 CVSS | 7.4 AI score | 0.00454 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Debian CVE
added 2021/11/07 5:6 p.m. | 27 views

CVE-2021-43411

An issue was discovered in GNU Hurd before 0.9 20210404-9. When trying to exec a setuid executable, there's a window of time when the process already has the new privileges, but still refers to the old task and is accessible through the old process port. This can be exploited to get full root...

8.5 CVSS | 7.4 AI score | 0.00454 EPSS
Exploits: 1

CVE
added 2021/11/07 5:6 p.m. | 58 views

CVE-2021-43411

CVE-2021-43411 affects GNU Hurd up to version 0.9 20210404-9. When attempting to exec a setuid executable, a window exists where the process has new privileges but still references the old task and is reachable via the old process port, enabling full root access according to the vulnerability des...

8.5 CVSS | 7.4 AI score | 0.00454 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

CNNVD
added 2021/11/07 12:0 a.m. | 1 views

GNU Hurd Race Condition Vulnerability

GNU Hurd is a GNU project replacement for the Unix kernel. It is used to implement file systems, network protocols, file access control, and other features implemented by the Unix kernel or similar kernels such as Linux. A security vulnerability exists in GNU Hurd, which originated in GNU Hurd...

8.5 CVSS | 5.8 AI score | 0.00454 EPSS
Exploits: 1 | References: 4

CISA KEV Catalog
added 2021/11/03 12:0 a.m. | 19 views

VMware Multiple Products Privilege Escalation Vulnerability

VMware Fusion, Remote Console VMRC for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root...

7.8 CVSS | 7.7 AI score | 0.16073 EPSS
In wild | Exploits: 10

VulnCheck KEV
added 2021/11/03 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2020-3950

VMware Fusion, Remote Console VMRC for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root...

7.8 CVSS | 7.1 AI score | 0.16073 EPSS
Exploits: 10 | References: 1

UbuntuCve
added 2021/10/27 1:15 a.m. | 27 views

CVE-2011-4125

An untrusted search path issue was found in Calibre at devices/linuxmounthelper.c leading to the ability of unprivileged users to execute any program as root...

10 CVSS | 7.2 AI score | 0.00736 EPSS
Exploits: 1 | References: 1

UbuntuCve
added 2021/10/27 1:15 a.m. | 32 views

CVE-2011-4124

Input validation issues were found in Calibre at devices/linuxmounthelper.c which can lead to argument injection and elevation of privileges...

10 CVSS | 7.2 AI score | 0.00627 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2021/10/14 8:5 p.m. | 57 views

CVE-2021-3847

A flaw allowing unauthorized access to the execution of a setuid file with capabilities was found in the Linux kernel OverlayFS subsystem, in the way a user copies a file with capabilities from a nosuid mount into another mount. A local user could use this flaw to escalate their privileges on the system...

7.8 CVSS | 7.1 AI score | 0.48523 EPSS
Exploits: 13 | References: 4