Vulnerability Description
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Polkit Project | Polkit | < 121 |
| Redhat | Enterprise Linux Server Update Services For Sap Solutions | 7.6 |
| Redhat | Enterprise Linux | 8.0 |
| Redhat | Enterprise Linux Desktop | 7.0 |
| Redhat | Enterprise Linux Eus | 8.2 |
| Redhat | Enterprise Linux For Ibm Z Systems | 7.0 |
| Redhat | Enterprise Linux For Ibm Z Systems Eus | 8.2 |
| Redhat | Enterprise Linux For Power Big Endian | 7.0 |
| Redhat | Enterprise Linux For Power Little Endian | 7.0 |
| Redhat | Enterprise Linux For Power Little Endian Eus | 8.1 |
| Redhat | Enterprise Linux For Scientific Computing | 7.0 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Server Aus | 7.3 |
| Redhat | Enterprise Linux Server Eus | 8.4 |
| Redhat | Enterprise Linux Server Tus | 7.6 |
| Redhat | Enterprise Linux Workstation | 7.0 |
| Canonical | Ubuntu Linux | 14.04 |
| Suse | Enterprise Storage | 7.0 |
| Suse | Linux Enterprise High Performance Computing | 15.0 |
| Suse | Manager Proxy | 4.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-EscalaExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.hThird Party AdvisoryVDB Entry
- https://access.redhat.com/security/vulnerabilities/RHSB-2022-001MitigationVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2025869Issue TrackingPatch
- https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdfThird Party Advisory
- https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3Patch
- https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory
- https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txtExploitMitigationThird Party Advisory
- https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-liExploitThird Party Advisory
- https://www.starwindsoftware.com/security/sw-20220818-0001/Third Party Advisory
- https://www.suse.com/support/kb/doc/?id=000020564Third Party Advisory
- http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-EscalaExploitThird Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.hThird Party AdvisoryVDB Entry
- https://access.redhat.com/security/vulnerabilities/RHSB-2022-001MitigationVendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2025869Issue TrackingPatch
FAQ
What is CVE-2021-4034?
CVE-2021-4034 is a vulnerability with a CVSS score of 7.8 (HIGH). A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users accord...
How severe is CVE-2021-4034?
CVE-2021-4034 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-4034?
Check the references section above for vendor advisories and patch information. Affected products include: Polkit Project Polkit, Redhat Enterprise Linux Server Update Services For Sap Solutions, Redhat Enterprise Linux, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Eus.