Home / Companies / Crowdstrike / Blog / Post Details
Content Deep Dive

Exploiting GlobalProtect for Privilege Escalation, Part Two: Linux and macOS

Blog post from Crowdstrike

Post Details
Company
Date Published
Author
Palo Alto Networks
Word Count
3,931
Company Posts That Month
Language
English
Hacker News Points
-
Post removed?
No
Summary

CrowdStrike's blog discusses a vulnerability in the Palo Alto Networks GlobalProtect VPN client that affects both Linux and macOS systems, allowing unprivileged users to escalate their privileges to root or SYSTEM. The vulnerability, identified as CVE-2019-17436, involves the manipulation of symbolic links and the encryption scheme used by the PanGPS component, which creates root-owned configuration files in user directories. To exploit this, users can overwrite critical system files like `/etc/ld.so.preload` on Linux or the root crontab on macOS, thereby executing unauthorized operations with elevated privileges. The blog details the technical steps and conditions needed to exploit this flaw, emphasizing the importance of understanding the encryption and file creation processes to achieve privilege escalation. Fixed versions of the software were released in 2019, and the blog credits Palo Alto Networks for their prompt handling of the issue.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
AI Agents 2 2,394 1,321 1 -
Zero Trust 1 1,843 1,331 3 +61333%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.