exploitdb icon indicating copy to clipboard operation
exploitdb copied to clipboard
verified publisher icon offensive-security

50011.sh finds vulnerable version of polkit if polkit is not installed on Redhat systems

Open domwhewell opened this issue 3 years ago • 0 comments

On a redhat system where polkit isnt installed the script prints "[*] Vulnerable version of polkit found"

# Check Polkit version
polkitVersion=$(systemctl status polkit.service | grep version | cut -d " " -f 9)
if [[ "$(apt list --installed 2>/dev/null | grep polkit | grep -c 0.105-26)" -ge 1 || "$(yum list installed | grep polkit | grep -c 0.117-2)" ]]; then
    echo "[*] Vulnerable version of polkit found"
else
    echo "[!] WARNING: Version of polkit might not vulnerable"
fi

The yum statement evaluates to false however it still prints vulnerable. I beleive a -ge 1 is missing after the )" e.g.

# Check Polkit version
polkitVersion=$(systemctl status polkit.service | grep version | cut -d " " -f 9)
if [[ "$(apt list --installed 2>/dev/null | grep polkit | grep -c 0.105-26)" -ge 1 || "$(yum list installed | grep polkit | grep -c 0.117-2)" -ge 1 ]]; then
    echo "[*] Vulnerable version of polkit found"
else
    echo "[!] WARNING: Version of polkit might not vulnerable"
fi

domwhewell avatar Feb 09 '22 12:02 domwhewell