The vulnerability in the Polkit library for UNIX-like operating systems is related to improper handling of the
number of call parameters in the pkexec setuid binary, which causes the binary to
executes environment variables as commands. Exploitation of the vulnerability could allow an attacker to create
environment variables in such a way that they are processed and executed by pkexec on a system as the
root user

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64polkit<= 0.118-3UNKNOWN

OS	Version	Architecture	Package	Version	Filename
redos	7.3	x86_64	polkit	<= 0.118-3	UNKNOWN

checkpoint_security 1

ibm 8

prion 1

saint 1

nessus 41

githubexploit 78

thn 1

qualysblog 1

metasploit 1

rosalinux 2

redhat 6

slackware 1

veracode 1

openvas 16

debiancve 1

fedora 2

ubuntu 2

freebsd 1

trendmicroblog 1

talosblog 2

attackerkb 1

threatpost 1

f5 1

packetstorm 2

zdt 2

cisa_kev 1

cbl_mariner 2

osv 2

kitploit 1

rocky 2

suse 1

oraclelinux 3

cve 1

cloudlinux 1

ics 1

redhatcve 1

altlinux 2

cnvd 1

hp 1

schneier 1

redos 1

almalinux 1

amazon 1

checkpoint_security

Check Point's Response to CVE-2021-4034 - Local Privilege Escalation in polkit's pkexec

2022-01-29 20:41:56

ibm

Security Bulletin: App Connect Professional is affected by polkit's pkexec vulnerability

2022-02-15 04:15:53

Security Bulletin: TS3000 (TSSC/IMC) is vulnerable to privilege escalation vulnerability due to polkit ( CVE-2021-4034 )

2022-05-05 19:18:30

Security Bulletin: IBM Security Guardium is affected by a PolicyKit vulnerability (CVE-2021-4034)

2022-11-08 20:10:55

prion

Privilege escalation

2022-01-28 20:15:00

saint

Polkit pkexec privilege elevation

2022-01-27 00:00:00

nessus

EulerOS 2.0 SP10 : polkit (EulerOS-SA-2022-1512)

2022-04-20 00:00:00

RHEL 8 : polkit (RHSA-2022:0266)

2022-01-26 00:00:00

EulerOS 2.0 SP9 : polkit (EulerOS-SA-2022-1420)

2022-04-18 00:00:00

githubexploit

Exploit for Out-of-bounds Write in Polkit Project Polkit

2021-12-29 15:00:00

Exploit for Out-of-bounds Write in Polkit Project Polkit

2022-02-02 09:26:24

Exploit for Out-of-bounds Write in Polkit Project Polkit

2022-02-04 06:33:24

thn

New Chinese Malware Attack Framework Targets Windows, macOS, and Linux Systems

2022-10-13 12:17:00

qualysblog

QSC 2022: Qualys’ Threat Research Unit (TRU) – Our Shield Is Your Shield

2022-11-11 01:28:25

metasploit

Local Privilege Escalation in polkits pkexec

2022-01-26 19:05:36

rosalinux

Advisory ROSA-SA-2022-2013

2022-01-31 14:03:39

Advisory ROSA-SA-2022-2012

2022-01-27 13:18:29

redhat

(RHSA-2022:0267) Important: polkit security update

2022-01-25 17:38:41

(RHSA-2022:0274) Important: polkit security update

2022-01-25 19:09:44

(RHSA-2022:0272) Important: polkit security update

2022-01-25 18:08:44

slackware

[slackware-security] polkit

2022-01-26 05:02:16

veracode

Privilege Escalation

2022-01-26 05:22:38

openvas

Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2022-2527)

2022-10-10 00:00:00

Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2023-1083)

2023-01-09 00:00:00

openSUSE: Security Advisory for polkit (openSUSE-SU-2022:0190-1)

2022-02-08 00:00:00

debiancve

CVE-2021-4034

2022-01-28 20:15:00

fedora

[SECURITY] Fedora 34 Update: polkit-0.117-3.fc34.2

2022-01-26 23:42:37

[SECURITY] Fedora 35 Update: polkit-0.120-1.fc35.1

2022-01-26 18:41:50

ubuntu

PolicyKit vulnerability

2022-01-25 00:00:00

PolicyKit vulnerability

2022-01-25 00:00:00

freebsd

polkit -- Local Privilege Escalation

2022-01-25 00:00:00

trendmicroblog

Detecting PwnKit (CVE-2021-4034) Using Trend Micro™ Vision One™ and Cloud One™

2022-02-11 00:00:00

talosblog

Alchimist: A new attack framework in Chinese for Mac, Linux and Windows

2022-10-13 12:00:00

Alchimist: A new attack framework in Chinese for Mac, Linux and Windows

2022-10-13 12:00:00

attackerkb

CVE-2021-4034

2022-01-28 00:00:00

threatpost

Ubiquitous Linux Bug: ‘An Attacker’s Dream Come True’

2022-01-26 17:52:49

K46015513 : Polkit pkexec vulnerability CVE-2021-4034

2022-01-29 00:00:00

packetstorm

Polkit pkexec Local Privilege Escalation

2022-03-03 00:00:00

PolicyKit-1 0.105-31 Privilege Escalation

2022-01-27 00:00:00

zdt

PolicyKit-1 0.105-31 - Privilege Escalation Exploit

2022-01-27 00:00:00

Polkit pkexec Local Privilege Escalation Exploit

2022-01-26 00:00:00

cisa_kev

Red Hat Polkit Out-of-Bounds Read and Write Vulnerability

2022-06-27 00:00:00

cbl_mariner

CVE-2021-4034 affecting package polkit 0.119-3

2022-04-09 06:51:57

CVE-2021-4034 affecting package polkit 0.116-7

2022-02-01 04:53:56

osv

Important: polkit security update

2022-01-25 17:38:41

policykit-1 - security update

2022-01-25 00:00:00

kitploit

PwnKit-Exploit - Proof Of Concept (PoC) CVE-2021-4034

2022-03-07 11:30:00

rocky

polkit security update

2022-01-26 21:26:22

polkit security update

2022-01-25 17:38:41

suse

Security update for polkit (important)

2022-01-25 00:00:00

oraclelinux

polkit security update

2022-01-25 00:00:00

polkit security update

2022-01-25 00:00:00

polkit security update

2022-01-28 00:00:00

cve

CVE-2021-4034

2022-01-28 20:15:00

cloudlinux

Fix of CVE: CVE-2021-4034

2022-01-26 15:45:42

ics

Siemens SCALANCE LPE 4903 and SINUMERIK Edge

2022-06-16 12:00:00

redhatcve

CVE-2021-4034

2022-05-07 14:22:00

altlinux

Security fix for the ALT Linux 9 package polkit version 0.116-alt2.M90P.4

2022-02-01 00:00:00

Security fix for the ALT Linux 10 package kernel-image-std-def version 2:5.10.110-alt1

2022-04-12 00:00:00

cnvd

polkit pkexec elevation of privilege vulnerability

2022-01-27 00:00:00

HP ThinPro Linux Escalation of Privilege

2022-03-03 00:00:00

schneier

Twelve-Year-Old Linux Vulnerability Discovered and Patched

2022-01-31 12:18:55

redos

ROS-20220301-01

2022-03-01 00:00:00

almalinux

Important: polkit security update

2022-01-25 17:38:41

amazon

Important: polkit

2022-01-27 00:38:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0005 Low

EPSS

Percentile

15.6%

JSON

Related for ROS-20220128-01