offensive-security / exploitdb

The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb
GNU General Public License v2.0

50011.sh finds vulnerable version of polkit if polkit is not installed on Redhat systems #218

Closed domwhewell closed 2 years ago

domwhewell commented 2 years ago

On a Red Hat system where polkit isn't installed, the script prints "[*] Vulnerable version of polkit found"

# Check Polkit version
polkitVersion=$(systemctl status polkit.service | grep version | cut -d " " -f 9)
if [[ "$(apt list --installed 2>/dev/null | grep polkit | grep -c 0.105-26)" -ge 1 || "$(yum list installed | grep polkit | grep -c 0.117-2)" ]]; then
    echo "[*] Vulnerable version of polkit found"
else
    echo "[!] WARNING: Version of polkit might not vulnerable"
fi

The yum statement evaluates to false; however, it still prints vulnerable. I believe a -ge 1 is missing after the )", e.g.:

# Check Polkit version
polkitVersion=$(systemctl status polkit.service | grep version | cut -d " " -f 9)
if [[ "$(apt list --installed 2>/dev/null | grep polkit | grep -c 0.105-26)" -ge 1 || "$(yum list installed | grep polkit | grep -c 0.117-2)" -ge 1 ]]; then
    echo "[*] Vulnerable version of polkit found"
else
    echo "[!] WARNING: Version of polkit might not vulnerable"
fi

offensive-security commented 2 years ago

Sorry for the delay. Thank you for the bug report - however, it's best to contact the author to have it added to their code so we can import it. It's not yet possible to do two-way git merges upstream to our database.
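The one-operand rule behind the bug reported above, as an added example that is not part of the issue or of 50011.sh: a test with a single string operand is true whenever the string is non-empty (in `[ ]` as in `[[ ]]`), and `grep -c` always prints a number, so a count of "0" still passes. The function names and package listings are constructed for illustration, counts are passed as arguments so nothing depends on apt or yum being present, and POSIX `[ ]` is used so it runs under any sh.

```shell
#!/bin/sh
# Added example, not code from 50011.sh. All names and sample data are constructed.

# Constructed package listings in a yum-like layout.
RHEL_NO_POLKIT='bash.x86_64      5.1.8-6.el9    @anaconda
systemd.x86_64   252-13.el9     @baseos'
RHEL_WITH_POLKIT='polkit.x86_64       0.117-2.fc33   @anaconda
polkit-libs.x86_64  0.117-2.fc33   @anaconda'

# Count listing lines that name polkit and contain the given version.
# -F matches the version as a fixed string ('.' is not a wildcard).
# grep -c exits 1 on zero matches, so "|| true" keeps "set -e" callers alive.
count_matches() {  # $1 = listing text, $2 = version string
    printf '%s\n' "$1" | grep polkit | grep -c -F -- "$2" || true
}

# Form reported in the issue: the second operand has no comparison, so the
# test only asks "is this string non-empty?". "0" is non-empty, so it passes.
check_buggy() {  # $1 = apt match count, $2 = yum match count
    if [ "$1" -ge 1 ] || [ "$2" ]; then
        echo vulnerable
    else
        echo not-vulnerable
    fi
}

# Form proposed in the issue: both counts are compared numerically.
check_fixed() {  # $1 = apt match count, $2 = yum match count
    if [ "$1" -ge 1 ] || [ "$2" -ge 1 ]; then
        echo vulnerable
    else
        echo not-vulnerable
    fi
}

# Host without polkit: the yum-side count is 0, yet the buggy form reports a hit.
yum_count=$(count_matches "$RHEL_NO_POLKIT" "0.117-2")
echo "no polkit:   buggy=$(check_buggy 0 "$yum_count") fixed=$(check_fixed 0 "$yum_count")"

# Host with the listed build installed: both forms agree.
yum_count=$(count_matches "$RHEL_WITH_POLKIT" "0.117-2")
echo "with polkit: buggy=$(check_buggy 0 "$yum_count") fixed=$(check_fixed 0 "$yum_count")"
```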