cyberark / PwnKit-Hunter

PwnKit-Hunter is here to help you check if your systems are vulnerable to CVE-2021-4034, a.k.a. PwnKit
MIT License

issues with CVE-2021-4034_Finder.py and PwnKit-Patch-Finder #3

Open alexeyshishkin01 opened 2 years ago

alexeyshishkin01 commented 2 years ago

Hello, all!

I have Debian 10.

1) no policykit-1 package is installed

root@Alexey-HP:~$ apt list --installed | grep policykit-1
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
root@Alexey-HP:~$

root@Alexey-HP:~$ git clone https://github.com/cyberark/PwnKit-Hunter.git
Cloning into 'PwnKit-Hunter'...
remote: Enumerating objects: 78, done.
remote: Counting objects: 100% (78/78), done.
remote: Compressing objects: 100% (76/76), done.
remote: Total 78 (delta 42), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (78/78), done.
root@Alexey-HP:~$ cd PwnKit-Hunter
root@Alexey-HP:~/PwnKit-Hunter$ chmod +x CVE-2021-4034_Finder.py
root@Alexey-HP:~/PwnKit-Hunter$ ./CVE-2021-4034_Finder.py
---> PwnKit-Hunter <---

This test is currently working on Debian (stretch, buster, and bullseye) and Ubuntu (18.04, 20.04, 21.10) only
If your distro is not on this list, please check the apropriate advisory, and update your system soon.
For RedHat distros we suggest the following mitigation: https://access.redhat.com/security/vulnerabilities/RHSB-2022-001#Mitigation

[*] Test started
Traceback (most recent call last):
  File "/home/azureuser/PwnKit-Hunter/./CVE-2021-4034_Finder.py", line 96, in <module>
    main()
  File "/home/azureuser/PwnKit-Hunter/./CVE-2021-4034_Finder.py", line 82, in main
    is_vuln = check_deb_varients(dist)
  File "/home/azureuser/PwnKit-Hunter/./CVE-2021-4034_Finder.py", line 31, in check_deb_varients
    pkg_ver = pkg.installed.version
AttributeError: 'NoneType' object has no attribute 'version'
root@Alexey-HP:~/PwnKit-Hunter$

pls. fix the script CVE-2021-4034_Finder.py so that it does not throw out such error messages

the same is with PwnKit-Patch-Finder script

azureuser@pgpro-ent1351-debian10-x64-prepare:~/PwnKit-Hunter$ ./PwnKit-Patch-Finder
---> PwnKit-Hunter <---

[*] DISCLAIMER: This tool is only valid on Debian, Ubuntu, and their variants.
[*] pkexec usage may appear, if so, you may ignore it.

[-] Your policykit-1 package is vulnerable.
[*]Use: 'apt install policykit-1' to update to the patched version.

azureuser@pgpro-ent1351-debian10-x64-prepare:~/PwnKit-Hunter$

it says the package is vulnerable, but it's not installed

2) let's install policykit-1 package

root@Alexey-HP:~/PwnKit-Hunter$ sudo apt-get install policykit-1
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
  cpp-8 libapt-inst2.0 libasan5 libisl19 libkadm5clnt-mit11 libkadm5srv-mit11 libkdb5-9 libmpx2 libpython2-stdlib multiarch-support python2 python2-minimal python2.7 python2.7-minimal python3.7-minimal
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  libpolkit-agent-1-0 libpolkit-gobject-1-0 pkexec polkitd
The following NEW packages will be installed:
  libpolkit-agent-1-0 libpolkit-gobject-1-0 pkexec policykit-1 polkitd
0 upgraded, 5 newly installed, 0 to remove and 369 not upgraded.
Need to get 212 kB of archives.
After this operation, 636 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ftp.us.debian.org/debian unstable/main amd64 libpolkit-gobject-1-0 amd64 0.105-33 [49.7 kB]
Get:2 http://ftp.us.debian.org/debian unstable/main amd64 libpolkit-agent-1-0 amd64 0.105-33 [29.1 kB]
Get:3 http://ftp.us.debian.org/debian unstable/main amd64 polkitd amd64 0.105-33 [88.9 kB]
Get:4 http://ftp.us.debian.org/debian unstable/main amd64 pkexec amd64 0.105-33 [28.3 kB]
Get:5 http://ftp.us.debian.org/debian unstable/main amd64 policykit-1 amd64 0.105-33 [16.5 kB]
Fetched 212 kB in 2s (115 kB/s)
Selecting previously unselected package libpolkit-gobject-1-0:amd64.
(Reading database ... 111255 files and directories currently installed.)
Preparing to unpack .../libpolkit-gobject-1-0_0.105-33_amd64.deb ...
Unpacking libpolkit-gobject-1-0:amd64 (0.105-33) ...
Selecting previously unselected package libpolkit-agent-1-0:amd64.
Preparing to unpack .../libpolkit-agent-1-0_0.105-33_amd64.deb ...
Unpacking libpolkit-agent-1-0:amd64 (0.105-33) ...
Selecting previously unselected package polkitd.
Preparing to unpack .../polkitd_0.105-33_amd64.deb ...
Unpacking polkitd (0.105-33) ...
Selecting previously unselected package pkexec.
Preparing to unpack .../pkexec_0.105-33_amd64.deb ...
Unpacking pkexec (0.105-33) ...
Selecting previously unselected package policykit-1.
Preparing to unpack .../policykit-1_0.105-33_amd64.deb ...
Unpacking policykit-1 (0.105-33) ...
Setting up libpolkit-gobject-1-0:amd64 (0.105-33) ...
Setting up libpolkit-agent-1-0:amd64 (0.105-33) ...
Setting up polkitd (0.105-33) ...
Setting up pkexec (0.105-33) ...
Setting up policykit-1 (0.105-33) ...
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for dbus (1.12.20-0+deb10u1) ...
Processing triggers for libc-bin (2.33-7) ...
root@Alexey-HP:~/PwnKit-Hunter$

root@Alexey-HP:~/PwnKit-Hunter$ ./CVE-2021-4034_Finder.py
---> PwnKit-Hunter <---

This test is currently working on Debian (stretch, buster, and bullseye) and Ubuntu (18.04, 20.04, 21.10) only
If your distro is not on this list, please check the apropriate advisory, and update your system soon.
For RedHat distros we suggest the following mitigation: https://access.redhat.com/security/vulnerabilities/RHSB-2022-001#Mitigation

[*] Test started
[+] Your polkit package is not vulnerable. Keep being secure
root@Alexey-HP:~/PwnKit-Hunter$ ./PwnKit-Patch-Finder
---> PwnKit-Hunter <---

[*] DISCLAIMER: This tool is only valid on Debian, Ubuntu, and their variants.
[*] pkexec usage may appear, if so, you may ignore it.

[-] Your policykit-1 package is vulnerable.
[*]Use: 'apt install policykit-1' to update to the patched version.

root@Alexey-HP:~/PwnKit-Hunter$

two scripts provide different results - pls. fix