LinPEAS - CVE-2021-3560 false positive

On ubuntu (and probably other distros), linpeas will give a false positive for CVE-2021-3560 with patched versions of libpolkit.

This is because [it only checks for libpolkit 0.105-26](https://github.com/peass-ng/PEASS-ng/blob/46193aa0d52b8beddbe70774464d48048cfbb0e2/linPEAS/builder/linpeas_parts/1_system_information/15_CVE_2021_3560.sh#L15), ignoring patch information. This is an issue on ubuntu, since [it was patched in 0.105-26ubuntu1.1](https://launchpad.net/ubuntu/+source/policykit-1/0.105-26ubuntu1.1), but the patch number is ignored.

I'm not sure if this could be fixed universally, but it could be fixed for ubuntu by changing the `grep -q 'polkit.*0\.105-26'` to `grep 'polkit.*0\.105-26' | grep -qv ubuntu1.[1-9]`.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

LinPEAS - CVE-2021-3560 false positive #463

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

LinPEAS - CVE-2021-3560 false positive #463

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions