exploitDog

SUSE-SU-2022:0191-1

Опубликовано: 25 янв. 2022

Источник: suse-cvrf

Описание

Security update for polkit

This update for polkit fixes the following issues:

CVE-2021-4034: Fixed a local privilege escalation in pkexec (bsc#1194568).

Список пакетов

Image SLES15-Azure-BYOS

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-EC2-HVM-BYOS

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-GCE-BYOS

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SAP-Azure

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SAP-Azure-BYOS

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SAP-Azure-LI-BYOS-Production

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SAP-Azure-VLI-BYOS-Production

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SAP-EC2-HVM

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SAP-EC2-HVM-BYOS

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SAP-GCE

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SAP-GCE-BYOS

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SP1-Azure-BYOS

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SP1-Azure-HPC-BYOS

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SP1-EC2-HPC-HVM-BYOS

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SP1-EC2-HVM-BYOS

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SP1-GCE-BYOS

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SP1-SAP-Azure

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SP1-SAP-Azure-BYOS

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SP1-SAP-EC2-HVM

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SP1-SAP-EC2-HVM-BYOS

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SP1-SAP-GCE

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SP1-SAP-GCE-BYOS

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SP1-SAPCAL-Azure

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SP1-SAPCAL-EC2-HVM

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

Image SLES15-SP1-SAPCAL-GCE

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

SUSE Enterprise Storage 6

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

polkit-devel-0.114-3.15.1

typelib-1_0-Polkit-1_0-0.114-3.15.1

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

polkit-devel-0.114-3.15.1

typelib-1_0-Polkit-1_0-0.114-3.15.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

polkit-devel-0.114-3.15.1

typelib-1_0-Polkit-1_0-0.114-3.15.1

SUSE Linux Enterprise High Performance Computing 15-ESPOS

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

polkit-devel-0.114-3.15.1

typelib-1_0-Polkit-1_0-0.114-3.15.1

SUSE Linux Enterprise High Performance Computing 15-LTSS

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

polkit-devel-0.114-3.15.1

typelib-1_0-Polkit-1_0-0.114-3.15.1

SUSE Linux Enterprise Server 15 SP1-BCL

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

polkit-devel-0.114-3.15.1

typelib-1_0-Polkit-1_0-0.114-3.15.1

SUSE Linux Enterprise Server 15 SP1-LTSS

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

polkit-devel-0.114-3.15.1

typelib-1_0-Polkit-1_0-0.114-3.15.1

SUSE Linux Enterprise Server 15-LTSS

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

polkit-devel-0.114-3.15.1

typelib-1_0-Polkit-1_0-0.114-3.15.1

SUSE Linux Enterprise Server for SAP Applications 15

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

polkit-devel-0.114-3.15.1

typelib-1_0-Polkit-1_0-0.114-3.15.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

libpolkit0-0.114-3.15.1

polkit-0.114-3.15.1

polkit-devel-0.114-3.15.1

typelib-1_0-Polkit-1_0-0.114-3.15.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20220191-1/
Link for SUSE-SU-2022:0191-1
https://lists.suse.com/pipermail/sle-security-updates/2022-January/010075.html
E-Mail link for SUSE-SU-2022:0191-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1194568
SUSE Bug 1194568
https://www.suse.com/security/cve/CVE-2021-4034/
SUSE CVE CVE-2021-4034 page

Описание

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

Затронутые продукты

Image SLES15-Azure-BYOS:libpolkit0-0.114-3.15.1

Image SLES15-Azure-BYOS:polkit-0.114-3.15.1

Image SLES15-EC2-HVM-BYOS:libpolkit0-0.114-3.15.1

Image SLES15-EC2-HVM-BYOS:polkit-0.114-3.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-4034.html
CVE-2021-4034
https://bugzilla.suse.com/1194568
SUSE Bug 1194568
https://bugzilla.suse.com/1195125
SUSE Bug 1195125
https://bugzilla.suse.com/1195136
SUSE Bug 1195136
https://bugzilla.suse.com/1195246
SUSE Bug 1195246
https://bugzilla.suse.com/1195265
SUSE Bug 1195265
https://bugzilla.suse.com/1195278
SUSE Bug 1195278
https://bugzilla.suse.com/1195528
SUSE Bug 1195528
https://bugzilla.suse.com/1195541
SUSE Bug 1195541
https://bugzilla.suse.com/1196165
SUSE Bug 1196165
https://bugzilla.suse.com/1196388
SUSE Bug 1196388
https://bugzilla.suse.com/1225668
SUSE Bug 1225668

Уязвимость SUSE-SU-2022:0191-1