peass-ng / PEASS-ng

PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)
https://book.hacktricks.xyz

LinPeas reports redhat system as vulnerable to CVE-2021-3560 even though polkit isn't installed #268

Closed domwhewell closed 2 years ago

domwhewell commented 2 years ago

Issue description

On a redhat system where polkit isn't installed, linpeas prints "Vulnerable to CVE-2021-3560"

#-- SY) CVE-2021-3560
polkitVersion=$(systemctl status polkit.service | grep version | cut -d " " -f 9)
if [[ "$(apt list --installed 2>/dev/null | grep polkit | grep -c 0.105-26)" -ge 1 || "$(yum list installed | grep polkit | grep -c 0.117-2)" ]]; then
echo "Vulnerable to CVE-2021-3560" | sed -${E} "s,.*,${SED_RED_YELLOW},"
fi

The yum statement evaluates to false; however, it still prints vulnerable. I believe a -ge 1 is missing after the )", e.g.

#-- SY) CVE-2021-3560
polkitVersion=$(systemctl status polkit.service | grep version | cut -d " " -f 9)
if [[ "$(apt list --installed 2>/dev/null | grep polkit | grep -c 0.105-26)" -ge 1 || "$(yum list installed | grep polkit | grep -c 0.117-2)" -ge 1 ]]; then
echo "Vulnerable to CVE-2021-3560" | sed -${E} "s,.*,${SED_RED_YELLOW},"
fi

Steps to reproduce the issue

  1. Access a redhat system without polkit installed
  2. wget linpeas from github
  3. chmod +x linpeas.sh && ./linpeas.sh

Which parameters did you use for executing the script and how did you execute it?

./linpeas.sh

Is there any AV / Threat protection in the system?

N/A

Please, indicate the OS, the OS version, and the kernel version (build number in case of Windows)

Redhat

How did you expect it to work?

Statement evaluates to false so nothing is printed
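As an added example (not part of the issue or of LinPEAS itself), the snippet below reproduces the false positive with constructed package listings: grep -c prints "0" when nothing matches, so a bare "$(...)" inside the test is a non-empty string and always evaluates true, while the -ge 1 comparison proposed above behaves as intended. It uses POSIX `[ ]`, which treats a single non-empty string exactly as the `[[ ]]` in linpeas does.

```shell
# Added example, not LinPEAS code: why the bare "$(... | grep -c ...)" test
# always fires, and the corrected numeric comparison from the issue.
# The package listings below are constructed sample output, not real yum data.

# Constructed stand-in for `yum list installed` on a host WITHOUT polkit.
YUM_NO_POLKIT='Installed Packages
bash.x86_64      4.4.20-1.el8      @anaconda
openssl.x86_64   1.1.1k-6.el8      @anaconda'

# Constructed stand-in for a host WITH the affected polkit build.
YUM_POLKIT='Installed Packages
bash.x86_64      4.4.20-1.el8      @anaconda
polkit.x86_64    0.117-2.el8       @anaconda'

# Count installed-package lines matching the affected polkit version.
# grep -c prints "0" when nothing matches, so its output is never empty
# (the `|| true` only masks grep's non-zero exit status for a zero count).
polkit_count() {
  printf '%s\n' "$1" | grep polkit | grep -c 0.117-2 || true
}

# Original (buggy) logic: a lone "$(...)" is a string test, and the string
# "0" is non-empty, so this reports "vulnerable" even with no polkit at all.
buggy_check() {
  if [ "$(polkit_count "$1")" ]; then echo vulnerable; else echo ok; fi
}

# Fixed logic from the issue: compare the match count numerically.
fixed_check() {
  if [ "$(polkit_count "$1")" -ge 1 ]; then echo vulnerable; else echo ok; fi
}

buggy_check "$YUM_NO_POLKIT"   # vulnerable (false positive)
fixed_check "$YUM_NO_POLKIT"   # ok
fixed_check "$YUM_POLKIT"      # vulnerable
```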

carlospolop commented 2 years ago

Hi @domwhewell,

Thank you for letting me know, it looks like you are right, I have modified that code. I took the test from the check that the exploit (https://www.exploit-db.com/exploits/50011) performs, in case you want to notify them also. A new version of linpeas with this issue fixed will be available in a couple of hours.