Closed fdellwing closed 3 years ago
Hi @fdellwing,
Sorry for the delay. Please, could you suggest a way to detect this vulnerability? Thank you
Really really hacky implementation:
if busctl list 2>/dev/null | grep -q com.ubuntu.USBCreator; then
pc_version=$(dpkg -l 2>/dev/null | grep policykit-desktop-privileges | grep -oP "[0-9][0-9a-zA-Z\.]+")
if [ -z "$pc_version" ]; then
pc_version=$(apt-cache policy policykit-desktop-privileges 2>/dev/null | grep -oP "\*\*\*.*" | cut -d" " -f2)
fi
if [ -n "$pc_version" ]; then
pc_length=${#pc_version}
pc_numeric=$(echo "$pc_version" | cut -c1-4)
if [[ $pc_length -eq 4 && $pc_numeric -lt 0.21 ]]; then
echo "vurnerable"
else
echo "not vurnerable"
fi
fi
fi
Hi @fdellwing,
Sorry mate for make you wait this long, I have been quiet busy. This check is now implemented in the latest version of linpeas (v2.9.6). Thank you!
No problem, keep up the awesome work!
Source:
https://unit42.paloaltonetworks.com/usbcreator-d-bus-privilege-escalation-in-ubuntu-desktop/
Ubuntu Desktop system with
policykit-desktop-privileges
<= 0.20 will allow any member of thesudo
group to write files asroot
without knowledge of the users password if USBCreator is present.