101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl is the oldest Polish Mastodon server. We allow posts of up to 2048 characters.


#setuid


“#Parallels Desktop has a couple of #setuid binaries: prl_update_helper and Parallels Service. Both binaries run with root privileges and both invoke #bash scripts to run commands with the privileges of root. For such use cases, bash specifically provides a privileged mode using the “-p” flag. Parallels Desktop prior to version 18.1.0 does not take advantage of bash privileged mode, nor does it filter untrusted environment variables. This leads to #local #privilege #escalation.”

thezdi.com/blog/2023/4/5/bash-

Zero Day Initiative — Bash Privileged-Mode Vulnerabilities in Parallels Desktop and CDPATH Handling in MacOS: In the last few years, we have seen multiple vulnerabilities in Parallels Desktop leading to virtual machine escapes. Interested readers can check our previous blog posts about vulnerabilities across interfaces such as RDPMC hypercalls, the Parallels ToolGate, and the VGA virtual device. This
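As an added illustration of the bash behaviour the post refers to (this is not code from the post, from ZDI's write-up, or from Parallels): a setuid helper that hands work to a plain `bash` child inherits whatever the unprivileged caller put in the environment, including exported shell functions, whereas `bash -p` ignores them. The `BASH_FUNC_name%%` entry below is the encoding bash itself uses for exported functions; the function name, the planted command and the `run_child` helper are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the post or the ZDI write-up): compares a plain bash
# child with a hardened one (empty environment plus privileged mode), using a
# constructed environment entry that defines a shell function named `uname`.

# Environment entry in the form bash uses for exported functions (constructed).
# A normal bash child imports it and the function shadows the real `uname`.
PLANTED='BASH_FUNC_uname%%=() { echo FUNCTION_FROM_ENV; }'

# Run `uname -s` in a child bash with the planted entry present.
# $1 is "plain" (child inherits the environment as-is) or "hardened"
# (the defensive pattern: `env -i` to drop the caller's environment, an explicit
# PATH, and `bash -p` so functions, CDPATH, SHELLOPTS etc. are not imported).
run_child() {
    if [ "$1" = "hardened" ]; then
        env -i PATH="$PATH" "$PLANTED" bash -p -c 'uname -s'
    else
        env "$PLANTED" bash -c 'uname -s'
    fi
}

# Returns 0 when the child ran the real `uname`, 1 when the planted function won.
child_is_clean() {
    [ "$(run_child "$1")" != "FUNCTION_FROM_ENV" ]
}

# Stand-alone run: prints one line per mode.
if [ "${0##*/}" != "sh" ] && [ "${0##*/}" != "bash" ]; then
    printf 'plain:    %s\n' "$(run_child plain)"
    printf 'hardened: %s\n' "$(run_child hardened)"
fi
```

Running it as-is prints `FUNCTION_FROM_ENV` for the plain child and the real kernel name for the hardened one. Note that `-p` alone only stops bash from importing functions and from honouring `SHELLOPTS`, `BASHOPTS`, `CDPATH` and `GLOBIGNORE`; other variables such as `PATH` still come from the caller, which is why the hardened branch also resets the environment with `env -i` and sets `PATH` explicitly.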

All right #infosec mastodon. How do I find out who is talking about a particular fresh vuln? I’m going to throw out some hashtags and see what turns up relevant conversation.

#186f495d4be1
#cve_2022_23093
#pingbof
#pr_pack

Is this a big deal because stack based #bof in a common #setuid binary, or a #shrug because #ping is capability restricted in #freebsd?

freebsd.org/security/advisorie