Easy privilege escalation on any Linux via pkexec 🔥🔥🔥
CVE-2021-4034 (pwnkit) is a local privilege escalation in polkit's pkexec that affects almost any Linux system. The vulnerability is a plain bug, and it has been present since pkexec's first commit in May 2009. Qualys researchers, who reported it, found that exploitation is fast, reliable, and architecture-independent.
The root cause is in how pkexec handles its PATH lookup: under specific conditions it writes past the end of argv into envp[0], so an environment variable such as LD_PRELOAD can be reintroduced into the SUID process. This makes CVE-2021-4034 a real local privilege escalation (LPE) threat on Linux.
Officially, this vulnerability has not yet appeared in the NVD database, but exploits and PoCs are already indexed in the Vulners database (subscription required). With a Vulners subscription you can receive all new GitHub exploits for it by creating your own search subscription for the pkexec vulnerability, for example:
order:published last month (type:cve CVE-2021-4034) OR pkexec
How to fix it???
As a temporary mitigation until your distribution ships a patched polkit package, remove the SUID root bit from /usr/bin/pkexec (note that pkexec then no longer works for legitimate unprivileged users either):
chmod 0755 /usr/bin/pkexec
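To apply this consistently across a fleet, here is an added audit/mitigation script (written for this page, not from the original post or from polkit) that reports whether pkexec is still setuid and, when run with `--fix`, applies the chmod above and verifies the result. It assumes a Linux host with POSIX find and chmod; the PKEXEC variable is an assumption of this script that lets you point it at another path, e.g. for testing.

```shell
#!/bin/sh
# Added example, not from the original post: audit the setuid bit on pkexec
# and optionally apply the temporary mitigation (chmod 0755) described above.
# Assumes a Linux host with POSIX find/chmod; PKEXEC is a script-specific
# override of the path (hypothetical variable, defaults to /usr/bin/pkexec).

PKEXEC="${PKEXEC:-/usr/bin/pkexec}"

# has_suid PATH: returns 0 if PATH exists and has the setuid bit set,
# 1 if it exists without it, 2 if PATH does not exist.
has_suid() {
    [ -e "$1" ] || return 2
    # -prune keeps find from descending if PATH is a directory; -perm -4000
    # matches only when the setuid bit is present.
    [ -n "$(find "$1" -prune -perm -4000 -print 2>/dev/null)" ]
}

# mitigate PATH: drop the setuid bit only when it is actually set, then
# re-check rather than trusting chmod's exit status. Returns 0 when the
# file is no longer setuid (or does not exist), non-zero otherwise.
mitigate() {
    rc=0; has_suid "$1" || rc=$?
    if [ "$rc" -eq 0 ]; then
        chmod 0755 "$1" || return 1
    fi
    rc=0; has_suid "$1" || rc=$?
    [ "$rc" -ne 0 ]
}

# audit PATH: print a one-line status; always exits 0 so it is cron-safe.
audit() {
    rc=0; has_suid "$1" || rc=$?
    case "$rc" in
        0) echo "SETUID: $1 is setuid root (patch polkit or chmod 0755)" ;;
        1) echo "OK: $1 is not setuid" ;;
        *) echo "SKIP: $1 not present" ;;
    esac
}

if [ "$1" = "--fix" ]; then
    mitigate "$PKEXEC" && audit "$PKEXEC"
else
    audit "$PKEXEC"
fi
```

Run it without arguments from a scheduled job to spot hosts where the bit has been restored (a polkit package upgrade reinstates it), and with `--fix` as root to apply the mitigation; once the patched package is installed, pkexec should be setuid again and the audit line is expected to read SETUID.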