
CVE-2021-4034

Description

A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec does not handle the count of calling parameters correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that pkexec is induced to execute arbitrary code. When successfully executed, the attack results in a local privilege escalation, giving unprivileged users administrative rights on the target machine.


Affected Software


CPE Name | Name | Version
polkit_project:polkit | polkit project polkit | 121
redhat:enterprise_linux_desktop | redhat enterprise linux desktop | 7.0
redhat:enterprise_linux_workstation | redhat enterprise linux workstation | 7.0
redhat:enterprise_linux_for_scientific_computing | redhat enterprise linux for scientific computing | 7.0
redhat:enterprise_linux_server | redhat enterprise linux server | 7.0
redhat:enterprise_linux_for_power_little_endian | redhat enterprise linux for power little endian | 7.0
redhat:enterprise_linux_server | redhat enterprise linux server | 6.0
redhat:enterprise_linux_for_power_big_endian | redhat enterprise linux for power big endian | 7.0
redhat:enterprise_linux_for_ibm_z_systems | redhat enterprise linux for ibm z systems | 7.0
redhat:enterprise_linux_server_aus | redhat enterprise linux server aus | 7.3
redhat:enterprise_linux_server_aus | redhat enterprise linux server aus | 7.4
redhat:enterprise_linux_server_tus | redhat enterprise linux server tus | 7.6
redhat:enterprise_linux_server_aus | redhat enterprise linux server aus | 7.6
redhat:enterprise_linux | redhat enterprise linux | 8.0
redhat:enterprise_linux_server_aus | redhat enterprise linux server aus | 7.7
redhat:enterprise_linux_server_tus | redhat enterprise linux server tus | 7.7
redhat:enterprise_linux_eus | redhat enterprise linux eus | 8.2
redhat:enterprise_linux_server_tus | redhat enterprise linux server tus | 8.2
redhat:enterprise_linux_server_aus | redhat enterprise linux server aus | 8.2
redhat:enterprise_linux_server_tus | redhat enterprise linux server tus | 8.4
redhat:enterprise_linux_server_aus | redhat enterprise linux server aus | 8.4
redhat:enterprise_linux_server_update_services_for_sap_solutions | redhat enterprise linux server update services for sap solutions | 8.2
redhat:enterprise_linux_server_update_services_for_sap_solutions | redhat enterprise linux server update services for sap solutions | 8.4
redhat:enterprise_linux_server_update_services_for_sap_solutions | redhat enterprise linux server update services for sap solutions | 8.1
redhat:enterprise_linux_for_power_little_endian_eus | redhat enterprise linux for power little endian eus | 8.2
redhat:enterprise_linux_for_ibm_z_systems_eus | redhat enterprise linux for ibm z systems eus | 8.2
redhat:enterprise_linux_for_power_little_endian_eus | redhat enterprise linux for power little endian eus | 8.1
redhat:enterprise_linux_for_power_little_endian | redhat enterprise linux for power little endian | 8.0
redhat:enterprise_linux_for_ibm_z_systems_eus | redhat enterprise linux for ibm z systems eus | 8.4
redhat:enterprise_linux_for_ibm_z_systems | redhat enterprise linux for ibm z systems | 8.0
redhat:enterprise_linux_for_power_little_endian_eus | redhat enterprise linux for power little endian eus | 8.4
redhat:enterprise_linux_server_eus | redhat enterprise linux server eus | 8.4
redhat:enterprise_linux_server_update_services_for_sap_solutions | redhat enterprise linux server update services for sap solutions | 7.7
redhat:enterprise_linux_server_update_services_for_sap_solutions | redhat enterprise linux server update services for sap solutions | 7.6
canonical:ubuntu_linux | canonical ubuntu linux | 18.04
canonical:ubuntu_linux | canonical ubuntu linux | 14.04
canonical:ubuntu_linux | canonical ubuntu linux | 20.04
canonical:ubuntu_linux | canonical ubuntu linux | 16.04
canonical:ubuntu_linux | canonical ubuntu linux | 21.10
suse:manager_server | suse manager server | 4.1
suse:linux_enterprise_workstation_extension | suse linux enterprise workstation extension | 12
suse:linux_enterprise_desktop | suse linux enterprise desktop | 15
suse:enterprise_storage | suse enterprise storage | 7.0
suse:manager_proxy | suse manager proxy | 4.1
suse:linux_enterprise_high_performance_computing | suse linux enterprise high performance computing | 15.0
suse:linux_enterprise_server | suse linux enterprise server | 15
oracle:http_server | oracle http server | 12.2.1.3.0
oracle:http_server | oracle http server | 12.2.1.4.0
oracle:zfs_storage_appliance_kit | oracle zfs storage appliance kit | 8.8
siemens:sinumerik_edge | siemens sinumerik edge | 3.3.0
siemens:scalance_lpe9403_firmware | siemens scalance lpe9403 firmware | 2.0
starwindsoftware:starwind_virtual_san | starwindsoftware starwind virtual san | v8
starwindsoftware:starwind_hyperconverged_appliance | starwindsoftware starwind hyperconverged appliance | -
starwindsoftware:command_center | starwindsoftware command center | 1.0
