Linux Policy Kit 權限提升漏洞
發佈日期:
2022年01月27日
714
觀看次數
風險: 中度風險
類型: 操作系統 - LINUX
於 Linux Policy Kit 發現一個漏洞。本地攻擊者可利用這個漏洞,於目標系統觸權限提升。
注意:
CVE-2021-4034 漏洞正被廣泛利用。
影響
- 權限提升
受影響之系統或技術
對於 Suse:
- SUSE MicroOS 5.0 及 5.1
- SUSE Manager Server 4.1
- SUSE Manager Retail Branch Server 4.1
- SUSE Manager Proxy 4.1
- SUSE Linux Enterprise Server for SAP 15-SP2
- SUSE Linux Enterprise Server 15-SP2-LTSS
- SUSE Linux Enterprise Server 15-SP2-BCL
- SUSE Linux Enterprise Module for Basesystem 15-SP3
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
- SUSE Enterprise Storage 7
- SUSE Linux Enterprise Server for SAP 15 及 15-SP1
- SUSE Linux Enterprise Server 15-SP1-LTSS
- SUSE Linux Enterprise Server 15-SP1-BCL
- SUSE Linux Enterprise Server 15-LTSS
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
- SUSE Linux Enterprise High Performance Computing 15-LTSS
- SUSE Linux Enterprise High Performance Computing 15-ESPOS
- SUSE Enterprise Storage 6
- SUSE CaaS Platform 4.0
- SUSE OpenStack Cloud Crowbar 8 及 9
- SUSE OpenStack Cloud 8 及 9
- SUSE Linux Enterprise Workstation Extension 12-SP5
- SUSE Linux Enterprise Software Development Kit 12-SP5
- SUSE Linux Enterprise Server for SAP 12-SP3 and 12-SP4
- SUSE Linux Enterprise Server 12-SP5
- SUSE Linux Enterprise Server 12-SP4-LTSS
- SUSE Linux Enterprise Server 12-SP3-LTSS
- SUSE Linux Enterprise Server 12-SP3-BCL
- SUSE Linux Enterprise Server 12-SP2-BCL
- HPE Helion Openstack 8
對於 Ubuntu
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
對於 RedHat
- Red Hat Enterprise Linux Desktop 7 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.2 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.2 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
- Red Hat Enterprise Linux for IBM z Systems 7 s390x
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, big endian 7 ppc64
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.2 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
- Red Hat Enterprise Linux for Power, little endian 7 ppc64le
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Scientific Computing 7 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.2 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux Server - AUS 7.3 x86_64
- Red Hat Enterprise Linux Server - AUS 7.4 x86_64
- Red Hat Enterprise Linux Server - AUS 7.6 x86_64
- Red Hat Enterprise Linux Server - AUS 7.7 x86_64
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux Server - AUS 8.4 x86_64
- Red Hat Enterprise Linux Server - Extended Life Cycle Support (for IBM z Systems) 6 s390x
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
- Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
- Red Hat Enterprise Linux Server - TUS 7.6 x86_64
- Red Hat Enterprise Linux Server - TUS 7.7 x86_64
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux Server - TUS 8.4 x86_64
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.7 x86_64
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.1 x86_64
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.2 x86_64
- Red Hat Enterprise Linux Server - Update Services for SAP Solutions 8.4 x86_64
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.7 ppc64le
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.1 ppc64le
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 8.4 ppc64le
- Red Hat Enterprise Linux Server 7 x86_64
- Red Hat Enterprise Linux Workstation 7 x86_64
解決方案
在安裝軟體之前,請先瀏覽供應商之網站,以獲得更多詳細資料。
對於 Suse:
- 安裝供應商提供的修補程式:
對於 Ubuntu:
- 安裝供應商提供的修補程式:
對於 RedHat:
- 安裝供應商提供的修補程式:
- https://access.redhat.com/errata/RHSA-2022:0265
- https://access.redhat.com/errata/RHSA-2022:0266
- https://access.redhat.com/errata/RHSA-2022:0267
- https://access.redhat.com/errata/RHSA-2022:0268
- https://access.redhat.com/errata/RHSA-2022:0269
- https://access.redhat.com/errata/RHSA-2022:0270
- https://access.redhat.com/errata/RHSA-2022:0271
- https://access.redhat.com/errata/RHSA-2022:0272
- https://access.redhat.com/errata/RHSA-2022:0273
- https://access.redhat.com/errata/RHSA-2022:0274
漏洞識別碼
資料來源
相關連結
- https://www.suse.com/support/update/announcement/2022/suse-su-20220189-1/
- https://www.suse.com/support/update/announcement/2022/suse-su-20220190-1/
- https://www.suse.com/support/update/announcement/2022/suse-su-20220191-1/
- https://ubuntu.com/security/notices/USN-5252-1
- https://ubuntu.com/security/notices/USN-5252-2
- https://access.redhat.com/errata/RHSA-2022:0265
- https://access.redhat.com/errata/RHSA-2022:0266
- https://access.redhat.com/errata/RHSA-2022:0267
- https://access.redhat.com/errata/RHSA-2022:0268
- https://access.redhat.com/errata/RHSA-2022:0269
- https://access.redhat.com/errata/RHSA-2022:0270
- https://access.redhat.com/errata/RHSA-2022:0271
- https://access.redhat.com/errata/RHSA-2022:0272
- https://access.redhat.com/errata/RHSA-2022:0273
- https://access.redhat.com/errata/RHSA-2022:0274
- https://www.auscert.org.au/bulletins/ESB-2022.0359
- https://www.auscert.org.au/bulletins/ESB-2022.0360
- https://www.auscert.org.au/bulletins/ESB-2022.0352
分享至