[Security] polkit CVE-2021-4034

ccto · Jan 26, 2022

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies.

It seems CentOS 7, 8 standalone server shall have this package installed and running by default.

ref.:

cve-details

CVE-2021-4034: How PwnKit Exploits Polkit’s pkexec | Qualys

CVE-2021-4034, a PwnKit vulnerability, lets unprivileged users gain root access via pkexec. Explore its impact and how to mitigate the risk.

blog.qualys.com

Active8 · Jan 27, 2022

Already discussed :

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by...

forum.directadmin.com

[Security] polkit CVE-2021-4034

ccto

Verified User

CVE-2021-4034: How PwnKit Exploits Polkit’s pkexec | Qualys

Active8

Verified User

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)