Add CVE-2019-13272

[pedrib]

Not my exploit, this comes from Jann Horn from Google's Project Zero:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1903

This works pretty well on all machines I have tested.
Works at least on Linux 4.10 < 5.1.17, but it was also backported to some earlier versions according to the link above.

[jollheef]

Hello, thank you for a pull request.

You need to create also file with metadata and update .travis.yml, see #2 for example.

[jollheef]

This file is from xfce4-session, which is not presented in most of the installations.

[pedrib]

True - actually it relies on available helper methods that are typically found in desktops.
Quote from the page above:

Polkit's pkexec helper fits this pattern. On a typical desktop system, any
process running under an active local session can invoke some helpers through
pkexec (see configuration in /usr/share/polkit-1/actions, search for <action>s
that specify <allow_active>yes</allow_active> and <annotate key="org.freedesktop.policykit.exec.path">...</annotate>).
While pkexec is normally used to run programs as root, pkexec actually allows
its caller to specify the user to run a command as with --user, which permits
using pkexec to run a command as the user who executed pkexec. (Which is kinda
weird... why would I want to run pkexec helpers as more than one fixed user?)

I have attached a proof-of-concept that works on Debian 10 running a distro
kernel and the XFCE desktop environment; if you use a different desktop
environment, you may have to add a path to the `helpers` array in the PoC. When
you compile and run it in an active local session, you should get a root shell
within a second.

[jollheef]

This exploit is not working over ssh and requires to be run from the local user only (jas502n/CVE-2019-13272#2), which means right now it's not possible to merge it till out-of-tree/out-of-tree#18 will be implemented.