A collection of files related to my personal security research. Additional content will be posted on my blog https://blog.mirch.io.
CVE-2019-6724 - Barracuda VPN Client Privilege Escalation on Linux and macOS. PoC: CVE-2019-6724. Detailed write-up: CVE-2019-6724: Barracuda VPN Client Privilege Escalation on Linux and macOS. Barracuda VPN Client Release Notes
CVE-2018-18629 - Privilege Escalation on Linux via keybase-redirector . PoC: CVE-2018-18629. Detailed write-up: CVE-2018-18629: Keybase Linux privilege escalation. Keybase Advisory: Local Privilege Escalation on Linux via keybase-redirector (KB002)
CVE-2018-19788 - PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command. PoC: CVE-2018-19788.sh. Detailed write-up: CVE-2018-19788 PoC – polkit: Improper handling of user with uid > INT_MAX leading to authentication bypass. The Hacker News article: Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command
CVE-2018-18556 - VyOS Privilege escalation via sudo pppd for operator users. PoC: CVE-2018-18556.sh. Detailed write-up: CVE-2018-18556 – VyOS Privilege escalation via sudo pppd for operator users. Advisory: The "operator" level is proved insecure and will be removed in the next releases