Description
I've noticed a privilege escalation in the mint-refresh-cache script that is being shipped with the current installation of Linux Mint, that allows an attacker to execute arbitrary code with root privileges.
Linux Mint is configured so that any user can run "sudo /usr/bin/mint-refresh-cache" without being asked for a password.
The current release version still offers to use Synaptic for updating the cache via the "--use-synaptic" option and furthermore allows specifying the parent window id with "--parent-window-id". However, since the input isn't validated, it is possible to pass the option "--gtk-module=" instead, which loads and executes GTK modules. An attacker can craft a malicious GTK module that will then be run with root privileges, without entering a password:
sudo /usr/bin/mint-refresh-cache --use-synaptic --gtk-module=/tmp/evil-gtk.so
That vulnerability was fixed in 2019 by removing "--use-synaptic" altogether, but it seems that Linux Mint is still being shipped with an older version from 2018 that is still vulnerable.
Please consider creating a new release version so that this security issue will be fixed in later releases.
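The defensive pattern that closes this class of bug is an allowlist for the arguments a setuid/sudo wrapper forwards to a GTK child process. The following is an added example, not Linux Mint's own mint-refresh-cache code; the synaptic flags it forwards are assumed for illustration:

```python
import argparse
import re
import sys

# Hypothetical hardened wrapper for a cache-refresh script run via a NOPASSWD
# sudo rule. The weakness reported above is that unvalidated options reached a
# GTK program, and GTK itself honours --gtk-module=<path>, loading that shared
# object into the privileged process. The mitigation: accept only an explicit
# allowlist of options, validate their values, and reject everything else
# instead of forwarding it.

WINDOW_ID_RE = re.compile(r"^[0-9]+$")  # X11 window ids are plain integers
SYNAPTIC = "/usr/sbin/synaptic"        # assumed path and flags, not from the page


def build_synaptic_argv(user_args):
    """Return the argv for the privileged child, or raise ValueError."""
    # allow_abbrev=False: otherwise argparse accepts prefixes like --parent.
    parser = argparse.ArgumentParser(add_help=False, allow_abbrev=False)
    parser.add_argument("--use-synaptic", action="store_true")
    parser.add_argument("--parent-window-id", default=None)
    # parse_known_args() hands back anything it did not recognise (for example
    # --gtk-module=/tmp/x.so) instead of silently dropping or forwarding it.
    opts, unknown = parser.parse_known_args(user_args)
    if unknown:
        raise ValueError("unexpected argument(s): %s" % " ".join(unknown))
    argv = [SYNAPTIC, "--update-at-startup", "--non-interactive"]
    if opts.parent_window_id is not None:
        if not WINDOW_ID_RE.match(opts.parent_window_id):
            raise ValueError("parent window id must be a decimal integer")
        argv.append("--parent-window-id=%s" % opts.parent_window_id)
    return argv


def rejects(user_args):
    """True if the allowlist refuses this argument vector."""
    try:
        build_synaptic_argv(user_args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Only ever exec the validated argv; never the caller's raw arguments.
    print(" ".join(build_synaptic_argv(sys.argv[1:])))
```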