Merge pull request #264 from deoxykev/master

More robust implementation of pkexec binary modification time check
fix typo
2025-12-24 08:49:04 +00:00 · 2022-02-03 09:53:50 +00:00 · 2022-02-02 21:32:43 -08:00 · 2022-02-02 21:30:43 -08:00 · 2022-02-01 16:21:36 +00:00 · 2022-01-31 13:21:10 +00:00
2 changed files with 6 additions and 1 deletions
--- a/.github/workflows/CI-master_tests.yml
+++ b/.github/workflows/CI-master_tests.yml
@@ -6,7 +6,7 @@ on:
      - master
  
  schedule:
-    - cron: "5 4 * * *"
+    - cron: "5 4 * * SUN"

  workflow_dispatch:

--- a/linPEAS/builder/linpeas_parts/1_system_information.sh
+++ b/linPEAS/builder/linpeas_parts/1_system_information.sh
@@ -21,6 +21,11 @@ else echo_not_found "sudo"
 fi
 echo ""

+#-- SY) CVE-2021-4034
+if [ `command -v pkexec` ] && stat -c '%a' $(which pkexec) | grep -q 4755 && [ "$(stat -c '%Y' $(which pkexec))" -lt "1642035600" ]; then 
+    echo "Vulnerable to CVE-2021-4034 (polkit privesc)" | sed -${E} "s,.*,${SED_RED_YELLOW},"
+fi
+
 #--SY) USBCreator
 if (busctl list 2>/dev/null | grep -q com.ubuntu.USBCreator) || [ "$DEBUG" ]; then
    print_2title "USBCreator"
Author	SHA1	Message	Date
Carlos Polop	9f4045c697	Merge pull request #264 from deoxykev/master More robust implementation of pkexec binary modification time check	2022-02-03 09:53:50 +00:00
Kevin Pham	52c2a1e11b	fix typo fix typo	2022-02-02 21:32:43 -08:00
Kevin Pham	f3495c48e9	Update 1_system_information.sh More robust implementation of pkexec binary modification time check with integer comparison instead of date regex grep. 1642035600 == Thursday, January 13, 2022 1:00:00 AM Which is when it was first patched. We have to check this way because the polkit version number is the same, patched & unpatched.	2022-02-02 21:30:43 -08:00
Carlos Polop	db89a779ad	Update 1_system_information.sh	2022-02-01 16:21:36 +00:00
Carlos Polop	77cc22a657	Update 1_system_information.sh	2022-01-31 13:21:10 +00:00
Carlos Polop	cc1e2b4d3c	Update CI-master_tests.yml	2022-01-31 13:19:53 +00:00