This local privilege escalation vulnerability in Linux was found in polkit’s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn’t handle the calling parameter count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that they induce pkexec to execute arbitrary code. When successfully executed, the attack results in local privilege escalation, giving unprivileged users administrative rights on the target machine.
This is how you can patch the Linux vulnerability CVE-2021-4034.
How to test CVE-2021-4034
git clone https://github.com/arthepsy/CVE-2021-4034.git
cd CVE-2021-4034
gcc cve-2021-4034-poc.c -o cve-2021-4034-poc
./cve-2021-4034-poc
Check policykit-1 version in Ubuntu or Debian
dpkg -l | grep policykit-1
Check polkit version in CentOS or Red Hat
rpm -qa | grep polkit
If the commands above return no result, the package is not installed and we don't need to install policykit-1 or polkit.
If the result does not match the list below, we need to install the latest version of policykit-1 or polkit for that OS version.
http://buaq.net/go-101394.html
CentOS:
CentOS 6: polkit-0.96-11.el6_10.2
CentOS 7: polkit-0.112-26.el7_9.1
CentOS 8.0: polkit-0.115-13.el8_5.1
CentOS 8.2: polkit-0.115-11.el8_2.2
CentOS 8.4: polkit-0.115-11.el8_4.2
Ubuntu:
Ubuntu 14.04 ESM: policykit-1-0.105-4ubuntu3.14.04.6+esm1
Ubuntu 16.04 ESM: policykit-1-0.105-14.1ubuntu0.5+esm1
Ubuntu 18.04 LTS: policykit-1-0.105-20ubuntu0.18.04.6
Ubuntu 20.04 LTS: policykit-1-0.105-26ubuntu1.2
Ubuntu 21.10: policykit-1-0.105-31ubuntu0.1
Debian:
Debian stretch: policykit-1 0.105-18+deb9u2
Debian buster: policykit-1 0.105-25+deb10u1
Debian bullseye: policykit-1 0.105-31+deb11u1
Debian bookworm,bullseye: policykit-1 0.105-31.1
Install the policykit-1 update on Ubuntu or Debian
apt update
apt install policykit-1
Install the polkit update on CentOS
yum clean all && yum -y update polkit*
If we can't update policykit-1 or polkit because the OS is EOL, we can run the command below, which removes the setuid bit from pkexec:
chmod 0755 /usr/bin/pkexec
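The version check and the chmod mitigation above combined into one status check, as an added example that is not part of the original post. The function names and the script name check-pkexec.sh are hypothetical, the fixed version is passed without the package name prefix (for example 0.105-26ubuntu1.2), and sort -V from GNU coreutils is assumed as an approximation of dpkg/rpm version ordering.

```shell
#!/bin/sh
# Added example: classify a host using the checks from this page.
# Assumption: sort -V (GNU coreutils) only approximates dpkg/rpm ordering.

# True when version $1 is the same as or newer than version $2.
version_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# True when the file still carries the setuid bit (default: /usr/bin/pkexec).
pkexec_is_setuid() {
    [ -u "${1:-/usr/bin/pkexec}" ]
}

# Print the installed polkit package version, or nothing if it is absent.
installed_polkit_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}' policykit-1 2>/dev/null || true
    elif command -v rpm >/dev/null 2>&1 && rpm -q polkit >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}' polkit
    fi
}

# pkexec_status INSTALLED FIXED [PATH] prints one of:
#   not-installed  no package found, nothing to update
#   patched        installed version is at or above the fixed one
#   mitigated      older version, but the setuid bit has been removed
#   needs-update   older version and pkexec is still setuid
pkexec_status() {
    if [ -z "$1" ]; then
        echo not-installed
    elif version_at_least "$1" "$2"; then
        echo patched
    elif pkexec_is_setuid "${3:-/usr/bin/pkexec}"; then
        echo needs-update
    else
        echo mitigated
    fi
}

# Usage: sh check-pkexec.sh FIXED_VERSION   (value taken from the list above)
if [ "$#" -ge 1 ]; then
    pkexec_status "$(installed_polkit_version)" "$1"
fi
```

A result of mitigated means pkexec can no longer run commands as another user, so anything that relies on it stops working until the package is updated.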
Thanks