Lucene search

Basic search
Lucene search
Search by product

Vendors

Products

Gentoo FoundationGLSA-202201-01

HistoryJan 27, 2022 - 12:00 a.m.

Polkit: Local privilege escalation

2022-01-2700:00:00

Gentoo Foundation

security.gentoo.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0005 Low

EPSS

Percentile

15.6%

JSON

Background

polkit is a toolkit for managing policies related to unprivileged processes communicating with privileged process.

Description

Flawed input validation of arguments was discovered in the ‘pkexec’ program’s main() function.

Impact

A local attacker could achieve root privilege escalation.

Workaround

Run the following command as root: # chmod 0755 /usr/bin/pkexec

Resolution

Upgrade Polkit to a patched version.

			# emerge --sync
			# emerge --ask --verbose "&gt;=sys-auth/polkit-0.120-r2"

OSVersionArchitecturePackageVersionFilename
Gentooanyallsys-auth/polkit< 0.120-r2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	sys-auth/polkit	< 0.120-r2	UNKNOWN

checkpoint_security 1

ibm 6

prion 1

saint 2

nessus 35

githubexploit 91

thn 1

veracode 1

metasploit 1

redhat 9

debiancve 1

openvas 15

slackware 1

rosalinux 2

redos 1

ubuntu 2

fedora 1

freebsd 1

qualysblog 2

trendmicroblog 1

talosblog 1

attackerkb 1

threatpost 1

f5 1

packetstorm 1

kitploit 1

zdt 2

cbl_mariner 2

cisa_kev 1

osv 2

rocky 1

suse 1

oraclelinux 1

redhatcve 1

cloudlinux 1

cve 1

ics 1

debian 1

alpinelinux 1

centos 1

mageia 1

checkpoint_security

Check Point's Response to CVE-2021-4034 - Local Privilege Escalation in polkit's pkexec

2022-01-29 20:41:56

ibm

Security Bulletin: App Connect Professional is affected by polkit's pkexec vulnerability

2022-02-15 04:15:53

Security Bulletin: IBM Security Guardium is affected by a PolicyKit vulnerability (CVE-2021-4034)

2022-11-08 20:10:55

Security Bulletin: TS3000 (TSSC/IMC) is vulnerable to privilege escalation vulnerability due to polkit ( CVE-2021-4034 )

2022-05-05 19:18:30

prion

Privilege escalation

2022-01-28 20:15:00

saint

Polkit pkexec privilege elevation

2022-01-27 00:00:00

Polkit pkexec privilege elevation

2022-01-27 00:00:00

nessus

EulerOS 2.0 SP10 : polkit (EulerOS-SA-2022-1512)

2022-04-20 00:00:00

RHEL 8 : polkit (RHSA-2022:0266)

2022-01-26 00:00:00

EulerOS 2.0 SP9 : polkit (EulerOS-SA-2022-1420)

2022-04-18 00:00:00

githubexploit

Exploit for Out-of-bounds Write in Polkit Project Polkit

2021-12-29 15:00:00

Exploit for Out-of-bounds Write in Polkit Project Polkit

2022-02-02 09:26:24

Exploit for Out-of-bounds Write in Polkit Project Polkit

2022-02-04 06:33:24

thn

New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems

2022-10-13 12:17:00

veracode

Privilege Escalation

2022-01-26 05:22:38

metasploit

Local Privilege Escalation in polkits pkexec

2022-01-26 19:05:36

redhat

(RHSA-2022:0267) Important: polkit security update

2022-01-25 17:38:41

(RHSA-2022:0274) Important: polkit security update

2022-01-25 19:09:44

(RHSA-2022:0272) Important: polkit security update

2022-01-25 18:08:44

debiancve

CVE-2021-4034

2022-01-28 20:15:00

openvas

Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2023-1083)

2023-01-09 00:00:00

Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2022-2527)

2022-10-10 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:0191-1)

2022-01-26 00:00:00

slackware

[slackware-security] polkit

2022-01-26 05:02:16

rosalinux

Advisory ROSA-SA-2022-2013

2022-01-31 14:03:39

Advisory ROSA-SA-2022-2012

2022-01-27 13:18:29

redos

ROS-20220128-01

2022-01-28 00:00:00

ubuntu

PolicyKit vulnerability

2022-01-25 00:00:00

PolicyKit vulnerability

2022-01-25 00:00:00

fedora

[SECURITY] Fedora 34 Update: polkit-0.117-3.fc34.2

2022-01-26 23:42:37

freebsd

polkit -- Local Privilege Escalation

2022-01-25 00:00:00

qualysblog

QSC 2022: Qualys’ Threat Research Unit (TRU) – Our Shield Is Your Shield

2022-11-11 01:28:25

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

2022-01-25 17:36:43

trendmicroblog

Detecting PwnKit (CVE-2021-4034) Using Trend Micro™ Vision One™ and Cloud One™

2022-02-11 00:00:00

talosblog

Alchimist: A new attack framework in Chinese for Mac, Linux and Windows

2022-10-13 12:00:00

attackerkb

CVE-2021-4034

2022-01-28 00:00:00

threatpost

Ubiquitous Linux Bug: ‘An Attacker’s Dream Come True’

2022-01-26 17:52:49

K46015513 : Polkit pkexec vulnerability CVE-2021-4034

2022-01-29 00:00:00

packetstorm

Polkit pkexec Local Privilege Escalation

2022-03-03 00:00:00

kitploit

PwnKit-Exploit - Proof Of Concept (PoC) CVE-2021-4034

2022-03-07 11:30:00

zdt

PolicyKit-1 0.105-31 - Privilege Escalation Exploit

2022-01-27 00:00:00

Polkit pkexec Local Privilege Escalation Exploit

2022-01-26 00:00:00

cbl_mariner

CVE-2021-4034 affecting package polkit 0.119-3

2022-04-09 06:51:57

CVE-2021-4034 affecting package polkit 0.116-7

2022-02-01 04:53:56

cisa_kev

Red Hat Polkit Out-of-Bounds Read and Write Vulnerability

2022-06-27 00:00:00

osv

policykit-1 - security update

2022-01-25 00:00:00

Important: polkit security update

2022-01-25 17:38:41

rocky

polkit security update

2022-01-26 21:26:22

suse

Security update for polkit (important)

2022-01-25 00:00:00

oraclelinux

polkit security update

2022-01-25 00:00:00

redhatcve

CVE-2021-4034

2022-05-07 14:22:00

cloudlinux

Fix of CVE: CVE-2021-4034

2022-01-26 15:45:42

cve

CVE-2021-4034

2022-01-28 20:15:00

ics

Siemens SCALANCE LPE 4903 and SINUMERIK Edge

2022-06-16 12:00:00

debian

[SECURITY] [DSA 5059-1] policykit-1 security update

2022-01-25 17:46:09

alpinelinux

CVE-2021-4034

2022-01-28 20:15:00

centos

polkit security update

2022-01-26 20:42:52

mageia

Updated polkit packages fix security vulnerability

2022-01-26 13:30:04

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0005 Low

EPSS

Percentile

15.6%

JSON

Related for GLSA-202201-01