Results 1 to 3 of 3
  1. #1
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,565

    Default PwnKit exploit for *nix CVE-2021-4034 and Untangle

    Quite a few clients (esp those under compliance) are asking about this...and if Untangle is affected, if so, the steps to remedy...
    mikeyscott likes this.
    Resident "Geek on a Harley" in Southeast Connecticut, USA.

  2. #2
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,678

    Default

    The package affected is not loaded on NGFW. Secondly the exploit requires local access to execute. Local access is root only so it does not matter since if they are on your box, they are already root.
    nowebpresence likes this.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,497

    Default

    Yeah, I just went through this myself this morning and I concur with JCoffin's assessment.

    The exploit requires local access, which means root access is already attained. So this is yet another instance of you'd have to hack the box, to hack the box... It's a non-issue.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2