Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

Hold tight, this may blow your mind…

A low-privileged user account on most Linux operating systems with UID value anything greater than 2147483647 can execute any systemctl command unauthorizedly—thanks to a newly discovered vulnerability.

The reported vulnerability actually resides in PolicyKit (also known as polkit)—an application-level toolkit for Unix-like operating systems that defines policies, handles system-wide privileges and provides a way for non-privileged processes to communicate with privileged ones, such as "sudo," that does not grant root permission to an entire process.

The issue, tracked as CVE-2018-19788, impacts PolicyKit version 0.115 which comes pre-installed on most popular Linux distributions, including Red Hat, Debian,Ubuntu, and CentOS.

The vulnerability exists due to PolicyKit's improper validation of permission requests for any low-privileged user with UID greater than INT_MAX.

Where, INT_MAX is a constant in computer programming that defines...(continued)

View All Trending Stories