Vulnerability CVE-2021-4034


Published: 2022-01-28

Description:
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

See advisories in our WLB2 database:
Topic
Author
Date
High
Polkit pkexec Local Privilege Escalation
Qualys Security ...
26.01.2022
High
PolicyKit-1 0.105-31 Privilege Escalation
Lance Biggerstaf...
27.01.2022

Type:

CWE-787

CVSS2 => (AV:L/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.2/10
10/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Redhat -> Enterprise linux workstation 
Redhat -> Enterprise linux server update services for sap solutions 
Redhat -> Enterprise linux 
Redhat -> Enterprise linux desktop 
Redhat -> Enterprise linux eus 
Redhat -> Enterprise linux for ibm z systems 
Redhat -> Enterprise linux for ibm z systems eus 
Redhat -> Enterprise linux for power big endian 
Redhat -> Enterprise linux for power little endian 
Redhat -> Enterprise linux for power little endian eus 
Redhat -> Enterprise linux for scientific computing 
Redhat -> Enterprise linux server 
Redhat -> Enterprise linux server aus 
Redhat -> Enterprise linux server eus 
Redhat -> Enterprise linux server tus 
Polkit project -> Polkit 
Canonical -> Ubuntu linux 

 References:
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
https://bugzilla.redhat.com/show_bug.cgi?id=2025869
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683

Copyright 2024, cxsecurity.com

 

Back to Top