Summary
The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program installed in many major Linux distributions. Exploitation of this vulnerability allows any unprivileged local user to gain full root privileges on the affected host.
More information about this vulnerability can be found here.
A vulnerability in a commonly installed operating system component has been identified in some Aruba products. This allows a lower-privileged local user with the ability to run arbitrary shell commands to escalate to root privilege on the underlying operating system.
Affected products do not allow users to have local access to an unrestricted underlying operating system command shell during normal operation. Because of this, exploitation of this flaw in Aruba products would occur as part of an attack chain involving another security vulnerability and would not be easily exploitable during regular operation of the product.
Aruba is currently working on fixes for all affected products. Patch details will be published in this section.
To minimize the likelihood of an attacker exploiting this vulnerability, Aruba recommends that the CLI and web-based management interfaces be restricted to a dedicated layer 2 segment or VLAN and/or controlled by firewall policies at layer 3 and above.