A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
{
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "2.0"
}
],
"cpes": [
"cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*"
],
"source": "CPE_RANGE",
"vendor_product": "siemens:scalance_lpe9403_firmware"
},
{
"extracted_events": [
{
"fixed": "3.3.0"
}
],
"vendor_product": "siemens:sinumerik_edge",
"cpes": [
"cpe:2.3:a:siemens:sinumerik_edge:*:*:*:*:*:*:*:*"
],
"source": "CPE_RANGE"
},
{
"extracted_events": [
{
"introduced": "14.04"
},
{
"last_affected": "14.04"
},
{
"introduced": "16.04"
},
{
"last_affected": "16.04"
},
{
"introduced": "18.04"
},
{
"last_affected": "18.04"
},
{
"introduced": "20.04"
},
{
"last_affected": "20.04"
},
{
"introduced": "21.10"
},
{
"last_affected": "21.10"
}
],
"source": "CPE_STRING",
"vendor_product": "canonical:ubuntu_linux",
"cpes": [
"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
"cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "12.2.1.3.0"
},
{
"last_affected": "12.2.1.3.0"
},
{
"introduced": "12.2.1.4.0"
},
{
"last_affected": "12.2.1.4.0"
}
],
"cpes": [
"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"vendor_product": "oracle:http_server"
},
{
"extracted_events": [
{
"introduced": "8.8"
},
{
"last_affected": "8.8"
}
],
"source": "CPE_STRING",
"vendor_product": "oracle:zfs_storage_appliance_kit",
"cpes": [
"cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "8.0"
},
{
"last_affected": "8.0"
}
],
"source": "CPE_STRING",
"vendor_product": "redhat:enterprise_linux",
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
}
],
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"vendor_product": "redhat:enterprise_linux_desktop"
},
{
"extracted_events": [
{
"introduced": "8.2"
},
{
"last_affected": "8.2"
}
],
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"vendor_product": "redhat:enterprise_linux_eus"
},
{
"extracted_events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
},
{
"introduced": "8.0"
},
{
"last_affected": "8.0"
}
],
"source": "CPE_STRING",
"vendor_product": "redhat:enterprise_linux_for_ibm_z_systems",
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "8.2"
},
{
"last_affected": "8.2"
},
{
"introduced": "8.4"
},
{
"last_affected": "8.4"
}
],
"source": "CPE_STRING",
"vendor_product": "redhat:enterprise_linux_for_ibm_z_systems_eus",
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
}
],
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*"
],
"vendor_product": "redhat:enterprise_linux_for_power_big_endian",
"source": "CPE_STRING"
},
{
"extracted_events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
},
{
"introduced": "8.0"
},
{
"last_affected": "8.0"
}
],
"vendor_product": "redhat:enterprise_linux_for_power_little_endian",
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
},
{
"extracted_events": [
{
"introduced": "8.1"
},
{
"last_affected": "8.1"
},
{
"introduced": "8.2"
},
{
"last_affected": "8.2"
},
{
"introduced": "8.4"
},
{
"last_affected": "8.4"
}
],
"vendor_product": "redhat:enterprise_linux_for_power_little_endian_eus",
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
},
{
"extracted_events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
}
],
"source": "CPE_STRING",
"vendor_product": "redhat:enterprise_linux_for_scientific_computing",
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "6.0"
},
{
"last_affected": "6.0"
},
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
}
],
"vendor_product": "redhat:enterprise_linux_server",
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
},
{
"extracted_events": [
{
"introduced": "7.3"
},
{
"last_affected": "7.3"
},
{
"introduced": "7.4"
},
{
"last_affected": "7.4"
},
{
"introduced": "7.6"
},
{
"last_affected": "7.6"
},
{
"introduced": "7.7"
},
{
"last_affected": "7.7"
},
{
"introduced": "8.2"
},
{
"last_affected": "8.2"
},
{
"introduced": "8.4"
},
{
"last_affected": "8.4"
}
],
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"vendor_product": "redhat:enterprise_linux_server_aus"
},
{
"extracted_events": [
{
"introduced": "8.4"
},
{
"last_affected": "8.4"
}
],
"source": "CPE_STRING",
"vendor_product": "redhat:enterprise_linux_server_eus",
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_server_eus:8.4:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "7.6"
},
{
"last_affected": "7.6"
},
{
"introduced": "7.7"
},
{
"last_affected": "7.7"
},
{
"introduced": "8.2"
},
{
"last_affected": "8.2"
},
{
"introduced": "8.4"
},
{
"last_affected": "8.4"
}
],
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"vendor_product": "redhat:enterprise_linux_server_tus"
},
{
"extracted_events": [
{
"introduced": "7.6"
},
{
"last_affected": "7.6"
},
{
"introduced": "7.7"
},
{
"last_affected": "7.7"
},
{
"introduced": "8.1"
},
{
"last_affected": "8.1"
},
{
"introduced": "8.2"
},
{
"last_affected": "8.2"
},
{
"introduced": "8.4"
},
{
"last_affected": "8.4"
}
],
"vendor_product": "redhat:enterprise_linux_server_update_services_for_sap_solutions",
"cpes": [
"cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*",
"cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*",
"cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
},
{
"extracted_events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
}
],
"vendor_product": "redhat:enterprise_linux_workstation",
"cpes": [
"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
},
{
"extracted_events": [
{
"introduced": "1.0-update3_build5871"
},
{
"last_affected": "1.0-update3_build5871"
}
],
"vendor_product": "starwindsoftware:command_center",
"cpes": [
"cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871:*:*:*:*:*:*"
],
"source": "CPE_STRING"
},
{
"extracted_events": [
{
"introduced": "v8-build14338"
},
{
"last_affected": "v8-build14338"
}
],
"vendor_product": "starwindsoftware:starwind_virtual_san",
"cpes": [
"cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338:*:*:*:*:*:*"
],
"source": "CPE_STRING"
},
{
"extracted_events": [
{
"introduced": "7.0"
},
{
"last_affected": "7.0"
}
],
"source": "CPE_STRING",
"vendor_product": "suse:enterprise_storage",
"cpes": [
"cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "15-sp2"
},
{
"last_affected": "15-sp2"
}
],
"cpes": [
"cpe:2.3:o:suse:linux_enterprise_desktop:15:sp2:*:*:*:*:*:*"
],
"source": "CPE_STRING",
"vendor_product": "suse:linux_enterprise_desktop"
},
{
"extracted_events": [
{
"introduced": "15.0-sp2"
},
{
"last_affected": "15.0-sp2"
}
],
"cpes": [
"cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:-:*:*:*"
],
"source": "CPE_STRING",
"vendor_product": "suse:linux_enterprise_high_performance_computing"
},
{
"extracted_events": [
{
"introduced": "15-sp2"
},
{
"last_affected": "15-sp2"
},
{
"introduced": "15-sp2"
},
{
"last_affected": "15-sp2"
}
],
"cpes": [
"cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:-:*:*",
"cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:sap:*:*"
],
"vendor_product": "suse:linux_enterprise_server",
"source": "CPE_STRING"
},
{
"extracted_events": [
{
"introduced": "12-sp5"
},
{
"last_affected": "12-sp5"
}
],
"source": "CPE_STRING",
"vendor_product": "suse:linux_enterprise_workstation_extension",
"cpes": [
"cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5:*:*:*:*:*:*"
]
},
{
"extracted_events": [
{
"introduced": "4.1"
},
{
"last_affected": "4.1"
}
],
"vendor_product": "suse:manager_proxy",
"cpes": [
"cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:*"
],
"source": "CPE_STRING"
},
{
"extracted_events": [
{
"introduced": "4.1"
},
{
"last_affected": "4.1"
}
],
"source": "CPE_STRING",
"vendor_product": "suse:manager_server",
"cpes": [
"cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*"
]
}
]
}{
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "121"
}
],
"cpe": "cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*",
"source": [
"CPE_RANGE",
"REFERENCES"
]
}