Avoid Redis INFO hangs and flag PwnKit versions

build_lists/sensitive_files.yaml

@@ -1705,7 +1705,7 @@ search:
           auto_check: True
           exec:
             - '( redis-server --version || echo_not_found "redis-server") 2>/dev/null'
-            - if [ "`redis-cli INFO 2>/dev/null`" ] && ! [ "`redis-cli INFO 2>/dev/null | grep -i NOAUTH`" ]; then echo "Redis isn't password protected" | sed -${E} "s,.*,${SED_RED},"; fi
+            - redis_info="$(if [ "$TIMEOUT" ]; then $TIMEOUT 2 redis-cli INFO 2>/dev/null; else redis-cli INFO 2>/dev/null; fi)"; if [ "$redis_info" ] && ! echo "$redis_info" | grep -i NOAUTH; then echo "Redis isn't password protected" | sed -${E} "s,.*,${SED_RED},"; fi
 
         files:
           - name: "redis.conf"

linPEAS/builder/linpeas_parts/6_users_information/10_Pkexec.sh

@@ -8,7 +8,7 @@
 # Functions Used: print_2title, print_info
 # Global Variables: $Groups, $groupsB, $groupsVB, $nosh_usrs, $sh_usrs, $USER
 # Initial Functions:
-# Generated Global Variables: $pkexec_bin, $policy_dir, $policy_file
+# Generated Global Variables: $pkexec_bin, $pkexec_version, $policy_dir, $policy_file
 # Fat linpeas: 0
 # Small linpeas: 1
 
@@ -30,6 +30,10 @@ if [ -n "$pkexec_bin" ]; then
   # Check polkit version for known vulnerabilities
   if command -v pkexec >/dev/null 2>&1; then
     pkexec --version 2>/dev/null
+    pkexec_version="$(pkexec --version 2>/dev/null | grep -oE '[0-9]+(\\.[0-9]+)+')"
+    if [ "$pkexec_version" ] && [ "$(printf '%s\n' "$pkexec_version" "0.120" | sort -V | head -n1)" = "$pkexec_version" ] && [ "$pkexec_version" != "0.120" ]; then
+      echo "Potentially vulnerable to CVE-2021-4034 (PwnKit) - check distro patches" | sed -${E} "s,.*,${SED_RED_YELLOW},"
+    fi
   fi
 fi