LinPEAS - Polkit version detection - with solution

[secure-sauce-controller]

If you are going to suggest something, please remove the following template. - my solution is at the bottom.

Issue description

The current method for detecting the polkit version is detailed below and found in the file 1_system_information.sh:

https://github.com/carlospolop/PEASS-ng/blob/8b6ce759d083f0e572f88070e8051d869bb5c90a/linPEAS/builder/linpeas_parts/1_system_information.sh

#-- SY) CVE-2021-3560
polkitVersion=$(systemctl status polkit.service 2>/dev/null | grep version | cut -d " " -f 9)
if [ "$(apt list --installed 2>/dev/null | grep polkit | grep -c 0.105-26)" -ge 1 ] || [ "$(yum list installed 2>/dev/null | grep polkit | grep -c 0.117-2)" -ge 1 ]; then
    echo "Vulnerable to CVE-2021-3560" | sed -${E} "s,.*,${SED_RED_YELLOW},"
    echo ""
fi

This version detection method did not detect the version for me (specifically on the Hack The Box host 'Paper').

Which parameters did you use for executing the script and how did you execute it?

Just ran the whole of linpeas default.

Is there any AV / Threat protection in the system?

no

Please, indicate the OS, the OS version, and the kernel version (build number in case of Windows)

Linux

OS: Linux version 4.18.0-348.7.1.el8_5.x86_64 ([email protected]) (gcc version 8.5.0 20210514 (Red Hat 8.5.0-4) (GCC)) #1 SMP Wed Dec 22 13:25:12 UTC 2021

Please, indicate the check that is failing and add a screenshot showing the problem

#-- SY) CVE-2021-3560

How did you expect it to work?

Detect the vulnerable polkit version

Potential solution

I have found this command works best to find the vulnerable version, may be good to use this or add this as an additional fail safe check...

rpm -qa | grep -i polkit | grep -i "0.11[3-9]"