Easy way to privilege escalation in any Linux via pkexec 🔥🔥🔥

Published on 26 January 2022 12:00 AM

1 min. read

This post thumbnail

CVE-2021-4034: pwnkit: Local Privilege Escalation in polkit's pkexec for almost any Linux system. Vulnerability == Bug. The first bug commit appeared in May 2009. Qualys researchers reported this vulnerability exploitation is fast, reliable, and architecture-independent.

It was found that when processing the PATH variable of a specific type, there are some conditions for overwriting outside envp[0], which makes it possible to implement a custom LD_PRELOAD. It makes CVE-2021-4034 a real threat related to local privilege escalation (LPE) in Linux.

Officially, this vulnerability has not yet appeared in the NVD database, but you can find exploits/POCs in the Vulners database with a subscription. With Vulners database you can get all new GitHub exploits and create your own subscription for pkexec vulnerability like this one:

order:published last month (type:cve CVE-2021-4034) OR pkexec

How to fix it???

As a temporary measure to block the vulnerability, you can remove SUID root flag from /usr/bin/pkexec:

chmod 0755 /usr/bin/pkexec