Tuesday, January 25, 2022

Ubuntu: USN-5249-1 (CVE-2022-23220): USBView vulnerability

USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo.
  • ubuntu-upgrade-usbview

  • References
  • USN-5249-1
  • CVE-2022-23220


    Copyright © 2021 Vulnerability Database | Cyber Details™

    thank you Templateism for the design - You should have written the code a little more complicated - Nothing Encrypted anymore