`polkit:CVE-2021-3560` tweak: clarity with affected versions
petecooper opened this issue · 0 comments
Firstly, thank you for creating and maintaining `traitor`, it's excellent.
I ran v0.0.8 on a fully-patched (at least as far as `apt` permits) Ubuntu 20.04LTS, and got this result:
```
$ /opt/traitor/traitor
▀█▀ █▀█ ▄▀█ █ ▀█▀ █▀█ █▀█
░█░ █▀▄ █▀█ █ ░█░ █▄█ █▀▄ v0.0.8
https://github.com/liamg/traitor
[+] Assessing machine state...
[+] Checking for opportunities...
[+][polkit:CVE-2021-3560] Polkit version is vulnerable!
[+][polkit:CVE-2021-3560] System is vulnerable! Run again with '--exploit polkit:CVE-2021-3560' to exploit it.
```
Looking at d3db221 where detection for CVE-2021-3560 was added, v0.105-26 is considered vulnerable:
traitor/pkg/exploits/exploit_polkit.go
Line 63 in 721ad3a
Looking at https://ubuntu.com/security/notices/USN-4980-1, where Ubuntu 20.04LTS is concerned, that same version number is not vulnerable…and it's actually listed as being the version which addresses CVE-2021-3560.
Given that Ubuntu LTS is a relatively popular choice among server operating systems – and 20.04 is the most recent LTS cut – it might be worth clarifying what versions are affected by CVE-2021-3560 in this case.
Thanks for your consideration.
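The mismatch reported in this issue comes down to how package versions are ordered, so a check has to compare the full installed version with the fixed version the distro publishes rather than match on the upstream number alone. The following is an added example, not code from traitor or from the issue author: it implements dpkg's ordering rules in Go, assuming versions with no epoch and no hyphen inside the upstream part. The `vendor` version strings are constructed; the real fixed version for a release comes from that distro's advisory.

```go
package main

import "fmt"
import "strings"

// order ranks a byte as dpkg does: '~' < end of string or digit < letters < others.
func order(c byte) int {
	if c == '~' {
		return -1
	} else if c == 0 || (c >= '0' && c <= '9') {
		return 0
	} else if (c|0x20) >= 'a' && (c|0x20) <= 'z' {
		return int(c)
	}
	return int(c) + 256
}

// cmpPart orders one component: the upstream version or the Debian revision.
func cmpPart(a, b string) int {
	a, b = a+"\x00", b+"\x00" // NUL sentinel marks the end of each string
	for a[0] != 0 || b[0] != 0 {
		for ; order(a[0]) != 0 || order(b[0]) != 0; a, b = a[1:], b[1:] { // non-digits
			if d := order(a[0]) - order(b[0]); d != 0 {
				return d
			}
		}
		ra, rb := strings.TrimLeft(a, "0123456789"), strings.TrimLeft(b, "0123456789")
		na := strings.TrimLeft(a[:len(a)-len(ra)], "0") // digit run, leading zeros dropped
		nb := strings.TrimLeft(b[:len(b)-len(rb)], "0")
		if d := 2*(len(na)-len(nb)) + strings.Compare(na, nb); d != 0 {
			return d // longer run is the larger number; equal lengths compare as text
		}
		a, b = ra, rb
	}
	return 0
}

// Compare orders two package versions. Limits of this example: no epoch, and no
// '-' inside the upstream part, so the first '-' starts the Debian revision.
func Compare(a, b string) int {
	ua, ra, _ := strings.Cut(a, "-")
	ub, rb, _ := strings.Cut(b, "-")
	if d := cmpPart(ua, ub); d != 0 {
		return d
	}
	return cmpPart(ra, rb)
}

func main() { fmt.Println(Compare("0.105-26vendor1", "0.105-26vendor1.1") < 0) } // constructed versions
```

A detection rule built on this would flag a host only when the installed version sorts before the fixed version listed for that release.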