831756 – (CVE-2022-23220) <app-admin/usbview-2.2: root privilege escalation via insecure polkit settings

Bug 831756 (CVE-2022-23220) - <app-admin/usbview-2.2: root privilege escalation via insecure polkit settings

Summary: <app-admin/usbview-2.2: root privilege escalation via insecure polkit settings

Status:	RESOLVED FIXED

Alias:	CVE-2022-23220

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:	https://www.openwall.com/lists/oss-se...
Whiteboard:	B1 [glsa+]
Keywords:	PullRequest

Depends on:	831760
Blocks:
	Show dependency tree

Reported:	2022-01-21 18:37 UTC by John Helmert III
Modified:	2023-10-26 04:43 UTC (History)
CC List:	2 users (show)

See Also:	https://github.com/gentoo/gentoo/pull/23905
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2022-01-21 18:37:23 UTC

CVE-2022-23220 (https://github.com/gregkh/usbview/commit/bf374fa4e5b9a756789dfd88efa93806a395463b):

USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo.

Please bump to 2.2.

Comment 1 Larry the Git Cow gentoo-dev

2022-01-21 23:58:53 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09ea588269f415e8a298e7354b6fd2ee0b81e443

commit 09ea588269f415e8a298e7354b6fd2ee0b81e443
Author:     James Beddek <telans@posteo.de>
AuthorDate: 2022-01-21 23:26:55 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-01-21 23:58:38 +0000

    app-admin/usbview: add 2.2
    
    Bug: https://bugs.gentoo.org/831756
    Signed-off-by: James Beddek <telans@posteo.de>
    Closes: https://github.com/gentoo/gentoo/pull/23905
    Signed-off-by: Sam James <sam@gentoo.org>

 app-admin/usbview/Manifest           |  1 +
 app-admin/usbview/usbview-2.2.ebuild | 30 ++++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)

Comment 2 John Helmert III archtester

2022-01-22 04:25:43 UTC

Thank you for handling so quickly!

Comment 3 John Helmert III archtester

2022-01-28 23:22:23 UTC

Please cleanup

Comment 4 Larry the Git Cow gentoo-dev

2022-01-29 06:20:16 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=60d3009bc5cae452e85b821b14116bfda4328b93

commit 60d3009bc5cae452e85b821b14116bfda4328b93
Author:     James Beddek <telans@posteo.de>
AuthorDate: 2022-01-28 23:24:16 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-01-29 06:18:22 +0000

    app-admin/usbview: drop 2.0, 2.1
    
    Bug: https://bugs.gentoo.org/831756
    Signed-off-by: James Beddek <telans@posteo.de>
    Closes: https://github.com/gentoo/gentoo/pull/24004
    Signed-off-by: Sam James <sam@gentoo.org>

 app-admin/usbview/Manifest           |  2 --
 app-admin/usbview/usbview-2.0.ebuild | 35 -----------------------------------
 app-admin/usbview/usbview-2.1.ebuild | 30 ------------------------------
 3 files changed, 67 deletions(-)

Comment 5 John Helmert III archtester

2022-01-29 18:04:19 UTC

Thanks!

Comment 6 Larry the Git Cow gentoo-dev

2023-10-26 04:42:24 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=9b37029def1302232522409885fc2b1bd992ba85

commit 9b37029def1302232522409885fc2b1bd992ba85
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-10-26 04:41:42 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-10-26 04:42:17 +0000

    [ GLSA 202310-15 ] USBView: root privilege escalation via insecure polkit settings
    
    Bug: https://bugs.gentoo.org/831756
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202310-15.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)