cyberark / pwnkit-hunter Goto Github PK

Summary

No execute permissions for CVE-2021-4034_Finder.py

Steps to Reproduce

1. Clone the repo
2. cd into the repo
3. run ./CVE-2021-4034_Finder.py
4. See error fish: The file “./CVE-2021-4034_Finder.py” is not executable by this user ./CVE-2021-4034_Finder.py

Expected Results

The file to execute.

Actual Results

The file didn't execute.

Reproducible

• Always
• Sometimes
• Non-Reproducible

Environment setup

I was also using fish as my shell.

Is your feature request related to a problem? Please describe.

A clear and concise description of what the problem is. Ex. I would like to see [...] because [...].
Please include the intended use case and what the feature would improve on so that we can prioritize
the feature accordingly.

Describe the solution you would like

A clear and concise description of what the desired end result(s) would be.

Describe alternatives you have considered

A clear and concise description of any alternative solutions or features that may be related to this that
you have considered.

Additional context

Add any other context information about the feature request here.

I just wanted to let you know that I tested this on a RHEL UBI8 docker image before I noticed the note about Debian and Ubuntu. It did actually work and alert me that the OS was vulnerable, and once I patched it, reported not vulnerable.

The only thing that was off was the output detail. The package name is polkit on RHEL, and the update instruction yum install polkit on RHEL.

Thanks, Ken

Hello, all !

I have Debian 10.

1. no policykit-1 package is installed
   root@Alexey-HP:$ apt list --installed | grep policykit-1
   WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
   root@Alexey-HP:$

root@Alexey-HP:$ git clone https://github.com/cyberark/PwnKit-Hunter.git
Cloning into 'PwnKit-Hunter'...
remote: Enumerating objects: 78, done.
remote: Counting objects: 100% (78/78), done.
remote: Compressing objects: 100% (76/76), done.
remote: Total 78 (delta 42), reused 0 (delta 0), pack-reused 0
Unpacking objects: 100% (78/78), done.
root@Alexey-HP:$ cd PwnKit-Hunter
root@Alexey-HP:/PwnKit-Hunter$ chmod +x CVE-2021-4034_Finder.py
root@Alexey-HP:/PwnKit-Hunter$ ./CVE-2021-4034_Finder.py
---> PwnKit-Hunter <---

This test is currently working on Debian (stretch, buster, and bullseye) and Ubuntu (18.04, 20.04, 21.10) only
If your distro is not on this list, please check the apropriate advisory, and update your system soon.
For RedHat distros we suggest the following mitigation: https://access.redhat.com/security/vulnerabilities/RHSB-2022-001#Mitigation

[*] Test started
Traceback (most recent call last):
File "/home/azureuser/PwnKit-Hunter/./CVE-2021-4034_Finder.py", line 96, in
main()
File "/home/azureuser/PwnKit-Hunter/./CVE-2021-4034_Finder.py", line 82, in main
is_vuln = check_deb_varients(dist)
File "/home/azureuser/PwnKit-Hunter/./CVE-2021-4034_Finder.py", line 31, in check_deb_varients
pkg_ver = pkg.installed.version
AttributeError: 'NoneType' object has no attribute 'version'
root@Alexey-HP:~/PwnKit-Hunter$

pls. fix the script CVE-2021-4034_Finder.py so that it does not throw out such error messages

the same is with PwnKit-Patch-Finder script

azureuser@pgpro-ent1351-debian10-x64-prepare:~/PwnKit-Hunter$ ./PwnKit-Patch-Finder
---> PwnKit-Hunter <---

[] DISCLAIMER: This tool is only valid on Debian, Ubuntu, and their variants.
[] pkexec usage may appear, if so, you may ignore it.

[-] Your policykit-1 package is vulnerable.
[*]Use: 'apt install policykit-1' to update to the patched version.

azureuser@pgpro-ent1351-debian10-x64-prepare:~/PwnKit-Hunter$

it says the package is vulnerable, but it's not installed

2. let's install policykit-1 package

root@Alexey-HP:/PwnKit-Hunter$ sudo apt-get install policykit-1
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
cpp-8 libapt-inst2.0 libasan5 libisl19 libkadm5clnt-mit11 libkadm5srv-mit11 libkdb5-9 libmpx2 libpython2-stdlib multiarch-support python2 python2-minimal
python2.7 python2.7-minimal python3.7-minimal
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
libpolkit-agent-1-0 libpolkit-gobject-1-0 pkexec polkitd
The following NEW packages will be installed:
libpolkit-agent-1-0 libpolkit-gobject-1-0 pkexec policykit-1 polkitd
0 upgraded, 5 newly installed, 0 to remove and 369 not upgraded.
Need to get 212 kB of archives.
After this operation, 636 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://ftp.us.debian.org/debian unstable/main amd64 libpolkit-gobject-1-0 amd64 0.105-33 [49.7 kB]
Get:2 http://ftp.us.debian.org/debian unstable/main amd64 libpolkit-agent-1-0 amd64 0.105-33 [29.1 kB]
Get:3 http://ftp.us.debian.org/debian unstable/main amd64 polkitd amd64 0.105-33 [88.9 kB]
Get:4 http://ftp.us.debian.org/debian unstable/main amd64 pkexec amd64 0.105-33 [28.3 kB]
Get:5 http://ftp.us.debian.org/debian unstable/main amd64 policykit-1 amd64 0.105-33 [16.5 kB]
Fetched 212 kB in 2s (115 kB/s)
Selecting previously unselected package libpolkit-gobject-1-0:amd64.
(Reading database ... 111255 files and directories currently installed.)
Preparing to unpack .../libpolkit-gobject-1-0_0.105-33_amd64.deb ...
Unpacking libpolkit-gobject-1-0:amd64 (0.105-33) ...
Selecting previously unselected package libpolkit-agent-1-0:amd64.
Preparing to unpack .../libpolkit-agent-1-0_0.105-33_amd64.deb ...
Unpacking libpolkit-agent-1-0:amd64 (0.105-33) ...
Selecting previously unselected package polkitd.
Preparing to unpack .../polkitd_0.105-33_amd64.deb ...
Unpacking polkitd (0.105-33) ...
Selecting previously unselected package pkexec.
Preparing to unpack .../pkexec_0.105-33_amd64.deb ...
Unpacking pkexec (0.105-33) ...
Selecting previously unselected package policykit-1.
Preparing to unpack .../policykit-1_0.105-33_amd64.deb ...
Unpacking policykit-1 (0.105-33) ...
Setting up libpolkit-gobject-1-0:amd64 (0.105-33) ...
Setting up libpolkit-agent-1-0:amd64 (0.105-33) ...
Setting up polkitd (0.105-33) ...
Setting up pkexec (0.105-33) ...
Setting up policykit-1 (0.105-33) ...
Processing triggers for man-db (2.8.5-2) ...
Processing triggers for dbus (1.12.20-0+deb10u1) ...
Processing triggers for libc-bin (2.33-7) ...
root@Alexey-HP:/PwnKit-Hunter$

root@Alexey-HP:~/PwnKit-Hunter$ ./CVE-2021-4034_Finder.py
---> PwnKit-Hunter <---

This test is currently working on Debian (stretch, buster, and bullseye) and Ubuntu (18.04, 20.04, 21.10) only
If your distro is not on this list, please check the apropriate advisory, and update your system soon.
For RedHat distros we suggest the following mitigation: https://access.redhat.com/security/vulnerabilities/RHSB-2022-001#Mitigation

[*] Test started
[+] Your polkit package is not vulnerable. Keep being secure
root@Alexey-HP:~/PwnKit-Hunter$ ./PwnKit-Patch-Finder
---> PwnKit-Hunter <---

[] DISCLAIMER: This tool is only valid on Debian, Ubuntu, and their variants.
[] pkexec usage may appear, if so, you may ignore it.

[-] Your policykit-1 package is vulnerable.
[*]Use: 'apt install policykit-1' to update to the patched version.

root@Alexey-HP:~/PwnKit-Hunter$

two scripts provide different results - pls. fix