diff --git a/build_lists/sensitive_files.yaml b/build_lists/sensitive_files.yaml
index c8e43c1..9638fac 100644
--- a/build_lists/sensitive_files.yaml
+++ b/build_lists/sensitive_files.yaml
@@ -1705,7 +1705,7 @@ search:
 auto_check: True
 exec:
 - '( redis-server --version || echo_not_found "redis-server") 2>/dev/null'
- - if [ "`redis-cli INFO 2>/dev/null`" ] && ! [ "`redis-cli INFO 2>/dev/null | grep -i NOAUTH`" ]; then echo "Redis isn't password protected" | sed -${E} "s,.*,${SED_RED},"; fi
+ - redis_info="$(if [ "$TIMEOUT" ]; then $TIMEOUT 2 redis-cli INFO 2>/dev/null; else redis-cli INFO 2>/dev/null; fi)"; if [ "$redis_info" ] && ! echo "$redis_info" | grep -i NOAUTH; then echo "Redis isn't password protected" | sed -${E} "s,.*,${SED_RED},"; fi
 files:
 - name: "redis.conf"
diff --git a/linPEAS/builder/linpeas_parts/6_users_information/10_Pkexec.sh b/linPEAS/builder/linpeas_parts/6_users_information/10_Pkexec.sh
index 4eda639..c2be55e 100644
--- a/linPEAS/builder/linpeas_parts/6_users_information/10_Pkexec.sh
+++ b/linPEAS/builder/linpeas_parts/6_users_information/10_Pkexec.sh
@@ -8,7 +8,7 @@
 # Functions Used: print_2title, print_info
 # Global Variables: $Groups, $groupsB, $groupsVB, $nosh_usrs, $sh_usrs, $USER
 # Initial Functions:
-# Generated Global Variables: $pkexec_bin, $policy_dir, $policy_file
+# Generated Global Variables: $pkexec_bin, $pkexec_version, $policy_dir, $policy_file
 # Fat linpeas: 0
 # Small linpeas: 1
@@ -30,6 +30,10 @@ if [ -n "$pkexec_bin" ]; then
 # Check polkit version for known vulnerabilities
 if command -v pkexec >/dev/null 2>&1; then
 pkexec --version 2>/dev/null
+ pkexec_version="$(pkexec --version 2>/dev/null | grep -oE '[0-9]+(\\.[0-9]+)+')"
+ if [ "$pkexec_version" ] && [ "$(printf '%s\n' "$pkexec_version" "0.120" | sort -V | head -n1)" = "$pkexec_version" ] && [ "$pkexec_version" != "0.120" ]; then
+ echo "Potentially vulnerable to CVE-2021-4034 (PwnKit) - check distro patches" | sed -${E} "s,.*,${SED_RED_YELLOW},"
+ fi
 fi
 fi
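Review bot: In the Redis `exec` entry of build_lists/sensitive_files.yaml, the new `! echo "$redis_info" | grep -i NOAUTH` runs grep without `-q`, so on a password-protected server the matching NOAUTH line is written into the report, where the old form swallowed it inside backticks; use `! echo "$redis_info" | grep -qi NOAUTH`. The test also still treats any non-empty reply that lacks NOAUTH as unauthenticated access, so a different error reply (an ACL permission error, for example) would presumably be reported as an unprotected instance. Requiring a field that INFO output normally carries, such as `grep -q redis_version`, would make the positive case explicit.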
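Review bot: In the `@@ -30,6 +30,10 @@` hunk of 10_Pkexec.sh the version pattern `'[0-9]+(\\.[0-9]+)+'` is single-quoted, so grep -E receives `\\.`, a literal backslash followed by any character; a dotted version string contains no backslash, `pkexec_version` stays empty and the warning cannot fire. Unless the linpeas builder rewrites escapes, this should read `grep -oE '[0-9]+(\.[0-9]+)+' | head -n1` (the `head` guards against a multi-line match breaking the string comparison). The bound also excludes 0.120 itself via `[ "$pkexec_version" != "0.120" ]`; as far as I recall the upstream fix for CVE-2021-4034 landed after the 0.120 release, so confirm that version against the polkit release notes before treating it as fixed. `sort -V` is not available in every sort implementation, and its failure here silently yields no warning. The enclosing `if [ -n "$pkexec_bin" ]` block starts outside the hunk.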