• Home
  • How it works
  • About us
  • Our services
  • Contact us
Log In
Order Now

a very old bug in the Linux polkit package,  which is a local privilege escalation attack against the ‘pkexec’ program

Three Pages This week’s issue for discussion is a very old bug in the Linux polkit package,  which is a local privilege escalation attack against the ‘pkexec’ program. This was actually discovered back in 2013 – https://ryiron.wordpress.com/2013/12/16/argv-silliness/ (Links to an external site.) – but wasn’t really understood to be exploitable at that time. One axiom of security is that security flaws only get worse with time, and this is a perfect example. An oddity in pkexec was found by Qualys to be exploitable. https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034 (Links to an external site.) Read the blog above, and discuss how factual it is.  For example, is polkit actually installed by default everywhere? What’s the impact of this issue? What does it allow someone to do if polkit is in fact installed? What mitigations are available to remove the impact? Part 2   Use the research sources and tools described in Chapter 1 and the lecture slides to collect what information you can on a company of your choice. Prepare a short report (no more than 4-5 pages) and deliver by the next class. Please use a tool such as Maltego or Recon-NG to create your report – these are available from Kali. Important: This is a footprinting exercise, NOT a scanning exercise. Passive lookups only!

Why choose us

High-quality papers
Unlimited Revisions
Economical services
24/7 customers support
Highly-qualified tutors
Total confidentiality

Order Now

100% guarantee

guarantee


My Account

Do not waste time, get a high-quality essay from professional tutors

Place Order Now

Logo

Our platform will get you matched with an expert that will deliver your paper safely, securely and on time.

Company
  • Home
  • How it works
  • About us
  • Our services
Quick links
  • Place Order
  • Manage Orders
  • Create Account
  • Contact us
Contact us
  • info@iwriteit.org
We accept
Logo
© 2022 Iwriteit.org. All Rights Reserved.