Tuesday, January 25, 2022

Debian: CVE-2022-23220: usbview -- security update

USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo.
  • debian-upgrade-usbview

  • References
  • https://attackerkb.com/topics/cve-2022-23220
  • CVE - 2022-23220
  • DSA-5052
  • DSA-5052-1


    Copyright © 2021 Vulnerability Database | Cyber Details™

    thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore