This Linux local privilege escalation vulnerability was found in polkit’s pkexec utility. pkexec is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn’t handle the calling parameter count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that pkexec is induced to execute arbitrary code. When successfully executed, the attack causes a local privilege escalation, giving unprivileged users administrative rights on the target machine.

This is how you can patch the Linux vulnerability CVE-2021-4034.

How to test for CVE-2021-4034

git clone https://github.com/arthepsy/CVE-2021-4034.git 

cd CVE-2021-4034 

gcc cve-2021-4034-poc.c -o cve-2021-4034-poc 

./cve-2021-4034-poc 

Check policykit-1 version in Ubuntu or Debian

dpkg -l | grep policykit-1 

Check polkit version in CentOS or Red Hat

rpm -qa | grep polkit 

If the above command returns no result, the package is not installed and we don't need to install policykit-1 or polkit.
If the result does not match the list below, we need to install the latest version of policykit-1 or polkit for that OS version.

http://buaq.net/go-101394.html
CentOS:
CentOS 6:polkit-0.96-11.el6_10.2
CentOS 7:polkit-0.112-26.el7_9.1
CentOS 8.0:polkit-0.115-13.el8_5.1
CentOS 8.2:polkit-0.115-11.el8_2.2
CentOS 8.4:polkit-0.115-11.el8_4.2

Ubuntu:
Ubuntu 14.04 ESM:policykit-1-0.105-4ubuntu3.14.04.6+esm1
Ubuntu 16.04 ESM:policykit-1-0.105-14.1ubuntu0.5+esm1
Ubuntu 18.04 LTS:policykit-1-0.105-20ubuntu0.18.04.6
Ubuntu 20.04 LTS:policykit-1-0.105-26ubuntu1.2
Ubuntu 21.10:policykit-1-0.105-31ubuntu0.1

Debian:
Debian stretch:policykit-1 0.105-18+deb9u2
Debian buster:policykit-1 0.105-25+deb10u1
Debian bullseye:policykit-1 0.105-31+deb11u1
Debian bookworm,bullseye:policykit-1 0.105-31.1

Install the policykit-1 update on Ubuntu or Debian

apt update 

apt install policykit-1 

Install the polkit update on CentOS

yum clean all && yum -y update polkit* 

If we can't update policykit-1 or polkit because the OS is EOL, we can run the command below, which removes the setuid bit from pkexec:

chmod 0755 /usr/bin/pkexec 
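
The checks above can be combined into one audit function that reports whether a host is patched, mitigated by the chmod, or still exposed. This is an added example, not part of the original post: the release keys and function names are made up for it, the fixed versions are copied from the list above, and GNU `sort -V` is assumed as an approximation of dpkg/rpm version ordering.

```shell
#!/bin/sh
# Added example. Fixed versions are copied from the list on this page;
# the release keys (centos7, ubuntu20.04, ...) are labels made up for this script.
fixed_version() {
    case "$1" in
        centos7)     echo "0.112-26.el7_9.1" ;;
        ubuntu18.04) echo "0.105-20ubuntu0.18.04.6" ;;
        ubuntu20.04) echo "0.105-26ubuntu1.2" ;;
        debian10)    echo "0.105-25+deb10u1" ;;
        debian11)    echo "0.105-31+deb11u1" ;;
        *)           return 1 ;;
    esac
}

# True when INSTALLED ($1) sorts at or after FIXED ($2).
# Assumption: GNU `sort -V` is close enough to dpkg/rpm ordering for these
# strings; use `dpkg --compare-versions` or `rpmdev-vercmp` for a strict answer.
version_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# assess RELEASE INSTALLED_VERSION PKEXEC_PATH
# Prints: not-installed | unknown-release | patched | mitigated | vulnerable
assess() {
    [ -e "$3" ] || { echo "not-installed"; return 0; }
    fixed=$(fixed_version "$1") || { echo "unknown-release"; return 0; }
    if version_at_least "$2" "$fixed"; then
        echo "patched"
    elif [ -u "$3" ]; then      # setuid bit still set on the old binary
        echo "vulnerable"
    else                        # chmod 0755 was applied
        echo "mitigated"
    fi
}

# Usage on a CentOS 7 host (version string taken from rpm):
#   assess centos7 "$(rpm -q --qf '%{VERSION}-%{RELEASE}' polkit)" /usr/bin/pkexec
```

A result of "mitigated" means the package is still older than the fixed version, so a later package reinstall can restore the setuid bit and the check should be repeated after updates.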


Thanks
