CVE-2021-32552 – apport read_file() function could follow maliciously constructed symbolic links
https://notcve.org/view.php?id=CVE-2021-32552
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users. Se ha detectado que la función read_file() en el archivo apport/hookutils.py podría seguir enlaces simbólicos o abrir FIFOs. Cuando esta función es usada por el paquete openjdk-16 apport hooks, podría exponer datos privados a otros usuarios locales • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVE-2021-32550 – apport read_file() function could follow maliciously constructed symbolic links
https://notcve.org/view.php?id=CVE-2021-32550
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users. Se ha detectado que la función read_file() en el archivo apport/hookutils.py podría seguir enlaces simbólicos o abrir FIFOs. Cuando esta función es usada por el paquete openjdk-14 apport hooks, podría exponer datos privados a otros usuarios locales • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVE-2021-32549 – apport read_file() function could follow maliciously constructed symbolic links
https://notcve.org/view.php?id=CVE-2021-32549
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users. Se ha detectado que la función read_file() en el archivo apport/hookutils.py podría seguir enlaces simbólicos o abrir FIFOs. Cuando esta función es usada por el paquete openjdk-13 apport hooks, podría exponer datos privados a otros usuarios locales • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVE-2021-32548 – apport read_file() function could follow maliciously constructed symbolic links
https://notcve.org/view.php?id=CVE-2021-32548
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users. Se ha detectado que la función read_file() en el archivo apport/hookutils.py podría seguir enlaces simbólicos o abrir FIFOs. Cuando esta función es usada por el paquete openjdk-8 apport hooks, podría exponer datos privados a otros usuarios locales • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVE-2021-3560 – Red Hat Polkit Incorrect Authorization Vulnerability
https://notcve.org/view.php?id=CVE-2021-3560
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha detectado que polkit podía ser engañado para omitir las comprobaciones de credenciales para las peticiones de D-Bus, elevando los privilegios del solicitante al usuario root. Este fallo podría ser usado por un atacante local no privilegiado para, por ejemplo, crear un nuevo administrador local. • https://www.exploit-db.com/exploits/50011 https://github.com/secnigma/CVE-2021-3560-Polkit-Privilege-Esclation https://github.com/RicterZ/CVE-2021-3560-Authentication-Agent https://github.com/hakivvi/CVE-2021-3560 https://github.com/WinMin/CVE-2021-3560 https://github.com/0dayNinja/CVE-2021-3560 https://github.com/AssassinUKG/Polkit-CVE-2021-3560 https://github.com/chenaotian/CVE-2021-3560 https://github.com/BizarreLove/CVE-2021-3560 https://github.com/cpu0x00/CVE-2021-3560 • CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-863: Incorrect Authorization •