A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies.
It seems CentOS 7 and 8 standalone servers will have this package installed and running by default.
ref.:
PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034) | Qualys Security Blog
The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution.