PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

Remco00

The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration.

https://blog.qualys.com/vulnerabili...ty-discovered-in-polkits-pkexec-cve-2021-4034
 
Yep, they are syncing now. I had an update on one CentOS 7 server, not on the other yet, but that will be soon too then.
 
CentOS 7 should be fully synced now. We have updated some remaining servers this morning.
 
Yep, I'm just wondering what the newest version on CentOS 8 is, because one CentOS 8 server still has polkit-0.115-12.el8.x86_64 while the AlmaLinux 8.5 has polkit-0.115-13.el8_5.1.x86_64. So it seems as if my CentOS 8 is not updated.
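
The comparison made in the post above, as an added example that is not part of the original thread: it orders the two quoted polkit builds the way RPM orders version and release labels. Treating the AlmaLinux 8.5 build as the baseline to compare against is an assumption taken from the post; the function names are hypothetical, and epochs and RPM's tilde/caret rules are not handled.

```python
import re

def split_nvra(nvra):
    """Split 'name-version-release.arch' (the format `rpm -q` prints)."""
    nvr, arch = nvra.rsplit(".", 1)
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release, arch

def rpm_label_cmp(a, b):
    """Simplified rpmvercmp for one label: returns -1, 0 or 1."""
    # Labels are compared segment by segment; a segment is a run of digits
    # or a run of letters, and every other character is only a separator.
    seg_a = re.findall(r"[0-9]+|[A-Za-z]+", a)
    seg_b = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # numeric compare, not lexical
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the label with segments left over is newer.
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))

def is_older(installed, baseline):
    """True if `installed` is an older build of the same package than `baseline`."""
    n1, v1, r1, _ = split_nvra(installed)
    n2, v2, r2, _ = split_nvra(baseline)
    if n1 != n2:
        raise ValueError("different packages: %s vs %s" % (n1, n2))
    # Version decides first; release is only the tie-breaker.
    return (rpm_label_cmp(v1, v2) or rpm_label_cmp(r1, r2)) < 0

if __name__ == "__main__":
    # Both strings are quoted from the post above.
    centos8 = "polkit-0.115-12.el8.x86_64"
    alma85 = "polkit-0.115-13.el8_5.1.x86_64"  # assumed baseline
    verdict = "older than" if is_older(centos8, alma85) else "not older than"
    print(centos8, "is", verdict, alma85)
```
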
 
Oh LoL, that's true, totally forgot about it. :D
No problem further, that one is only for Sonic Panel, not used for hosting.
 
Do you need to update the kernel as well (and reboot), or is an update of the polkit package sufficient?

Kr
Dries
 
From /var/log/messages, it seems it automatically restarted the polkit service after yum update (in AlmaLinux 8).
 
We did reboot all servers to be 100% sure nothing was still linked to old libraries, but we didn't check if this was a requirement.
 