Vulnerability: Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

guest · Dec 7, 2018

Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command
December 6, 2018
https://thehackernews.com/2018/12/linux-user-privilege-policykit.html

A low-privileged user account on most Linux operating systems with UID value anything greater than 2147483647 can execute any systemctl command unauthorizedly—thanks to a newly discovered vulnerability.

The reported vulnerability actually resides in PolicyKit (also known as polkit)—an application-level toolkit for Unix-like operating systems that defines policies, handles system-wide privileges [...]
The issue, tracked as CVE-2018-19788, impacts PolicyKit version 0.115 which comes pre-installed on most popular Linux distributions, including Red Hat, Debian, Ubuntu, and CentOS.

The vulnerability exists due to PolicyKit's improper validation of permission requests for any low-privileged user with UID greater than INT_MAX.
Click to expand...

mirimir · Dec 7, 2018

Interesting. But only root can create new accounts. And if you have root, why do you need this? To try to hide?

Mrkvonic · Dec 9, 2018

The problem is with programatically configured applications that may have setuid on account creation.
Mrk

mirimir · Dec 9, 2018

OK, then, so this is just a subset of getting pwned by malicious apps.

But I guess that it wasn't something code reviewers were looking for, in the past.

To check:
Code:
$ cat /etc/passwd | mawk -F : '{ print $3 }' | sort -n | tail -n 1

Log in or Sign up

Vulnerability: Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

guest Guest

mirimir Registered Member

Mrkvonic Linux Systems Expert

mirimir Registered Member

Log in or Sign up

Vulnerability: Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

guest Guest

mirimir Registered Member

Mrkvonic Linux Systems Expert

mirimir Registered Member

Useful Searches