Tuesday, January 25, 2022

Ubuntu: USN-5249-1 (CVE-2022-23220): USBView vulnerability

Description
USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo.
Solution(s)
  • ubuntu-upgrade-usbview


  • References
  • USN-5249-1
  • CVE-2022-23220




  •  

    Copyright © 2021 Vulnerability Database | Cyber Details™

    thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore