CVE-2018-19788 PoC: Red Hat PolicyKit Input Validation Error Vulnerability

Source
Associated Vulnerability
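Title: Red Hat PolicyKit Input Validation Error Vulnerability (CVE-2018-19788)
Description: Red Hat PolicyKit (Polkit) is a tool from Red Hat, a US company, for controlling application privileges on Unix-compatible systems. It gives modern desktops a central framework for authorizing ordinary applications to perform privileged work. A security vulnerability exists in Red Hat PolicyKit version 0.115. An attacker can exploit it to execute arbitrary systemctl commands.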
Description
Ansible role to check for the vulnerability tracked as CVE-2018-19788, which impacts PolicyKit version 0.115; that version comes pre-installed on a wide range of Linux distributions.
Readme
Proof of Concept for the CVE-2018-19788
=========

Ansible role to check for the vulnerability tracked as [**CVE-2018-19788**](https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-19788.html), which impacts [**PolicyKit**](https://www.freedesktop.org/wiki/Software/polkit/) version `0.115`. That version comes pre-installed on a wide range of Linux distributions such as Ubuntu, Red Hat and CentOS, to mention a few.

## Requirements

Minimum required Ansible version: **2.4.0**

Role Variables
--------------

```yaml
# The user name to be provisioned to execute the exploit
CVE_2018_19788_test_user: cve_test

# The UID assigned to CVE_2018_19788_test_user (must be equal to or greater than 2147483647)
CVE_2018_19788_test_user_uid: 2147483669

# Set the proper privileged group for your distro. Please check the compatibility matrix for the supported systems
CVE_2018_19788_privileged_group: wheel

# Set to No to skip checking and listing the users able to leverage the CVE-2018-19788 vulnerability
CVE_2018_19788_list_explotable_users: Yes

# Set to No if you need to run further testing with the test account.
# Be aware that if your system is vulnerable, this account could become a problem
CVE_2018_19788_remove_test_user: Yes
```
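
The two conditions the role variables refer to, the PolicyKit version and accounts with a UID at or above the threshold given in the comment, can also be checked read-only from a shell. This is an added example, not code from the role; the function names, output labels and sample passwd lines are constructed, and it assumes `pkaction --version` prints a line ending in the version number.

```shell
#!/bin/sh
# Added example, not part of the d4gh0s7.cve_2018_19788 role.
# Threshold from the README comment on CVE_2018_19788_test_user_uid.
UID_THRESHOLD=2147483647

# Read passwd-format lines on stdin; print "name:uid" for each numeric
# UID at or above the threshold.
list_high_uid_users() {
    awk -F: -v min="$UID_THRESHOLD" \
        '$3 ~ /^[0-9]+$/ && ($3 + 0) >= (min + 0) { print $1 ":" $3 }'
}

# Extract the version from a "pkaction version 0.115" style line.
parse_polkit_version() {
    printf '%s\n' "$1" | awk '{ print $NF }'
}

# Combine both checks. $1 = version line, stdin = passwd-format data.
audit() {
    ver=$(parse_polkit_version "$1")
    users=$(list_high_uid_users | paste -sd ' ' -)
    if [ -z "$ver" ]; then
        echo "UNKNOWN polkit version not detected"
    elif [ "$ver" != "0.115" ]; then
        echo "VERSION-NOT-LISTED polkit=$ver"
    elif [ -n "$users" ]; then
        echo "AT-RISK polkit=$ver users=$users"
    else
        echo "AFFECTED-VERSION polkit=$ver users=none"
    fi
}

# Constructed sample data, including the role's default test account.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
cve_test:x:2147483669:2147483669::/home/cve_test:/bin/bash
EOF
}

if [ "${1:-}" = "--live" ]; then
    # getent also covers directory-backed (LDAP/SSSD) accounts.
    getent passwd | audit "$(pkaction --version 2>/dev/null)"
else
    sample_passwd | audit "pkaction version 0.115"
fi
```

A version match is only an indicator: distribution packages can carry a backported fix under the same upstream version number, so confirm against the vendor advisory.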

Example Playbook
----------------

An example of how to use the role:

    - hosts: all
      roles:
        - { role: d4gh0s7.cve_2018_19788 }

## License

**CC0 1.0**

## Author Information

[Francesco Cosentino](https://www.linkedin.com/in/francesco-cosentino/) - <fc@hyperd.sh>

File Snapshot

```
[4.0K] /data/pocs/6a7be7dfafd5288731dd56f9eff607a027ea387e
├── [4.0K] defaults
│   └── [ 389] main.yml
├── [4.0K] files
│   └── [ 900] CVE-2018-19788-PoC.sh
├── [4.0K] handlers
│   └── [ 219] main.yml
├── [6.4K] LICENSE
├── [4.0K] meta
│   └── [ 444] main.yml
├── [1.6K] README.md
├── [4.0K] tasks
│   └── [2.4K] main.yml
├── [4.0K] tests
│   ├── [ 11] inventory
│   └── [ 72] test.yml
└── [4.0K] vars
    └── [ 91] main.yml

7 directories, 10 files
```