Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034)
I. Overview
Recently, a security research team disclosed a privilege escalation vulnerability (CVE-2021-4034, also dubbed PwnKit) in Polkit's pkexec. In the default configuration, an unprivileged user can exploit this vulnerability to gain full root privileges on a vulnerable host. The POC/EXP for this vulnerability has been publicly disclosed, so the risk is high.
Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. pkexec is part of the Polkit framework. It executes commands with elevated permissions and is an alternative to sudo. If you are a Polkit user, check your Polkit version and apply security hardening promptly.
Reference link: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
II. Severity
Severity: important
(Severity levels: low, moderate, important, and critical)
III. Affected Products
Affected versions: all mainstream Linux versions
Secure versions: View the security bulletins of Linux vendors.
IV. Vulnerability Handling
Currently, Linux vendors, such as Red Hat, Ubuntu, Debian, and SUSE, have released patches to fix this vulnerability. Upgrade your Linux OS to a secure version. If you are unable to update it in a timely manner, you can mitigate the risk by referring to the official suggestions provided by these vendors.
Vendor advisories: Red Hat; Ubuntu (USN-5252-1, USN-5252-2); Debian; SUSE
EulerOS has released a patch. You only need to upgrade the polkit package (.rpm).
The upgrade method is as follows:
yum clean all
yum makecache
yum update polkit
rpm -qa | grep polkit
Check whether the installed polkit package has been upgraded to the version corresponding to your OS release:
EulerOS 2.10: polkit-0.116-6.h4
EulerOS 2.9: polkit-0.116-5.h7
EulerOS 2.8: polkit-0.115-2.h14
EulerOS 2.5: polkit-0.112-14.h15
If no patch is available for your system, run the chmod 0755 /usr/bin/pkexec command as root to remove the SUID bit from pkexec.
Before fixing vulnerabilities, back up your files and conduct a thorough test.
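The following script is an added example, not part of the original advisory or any vendor tooling. It checks both remediations described above: whether the installed polkit version-release has reached the fixed EulerOS version listed in this advisory, and whether pkexec still carries the SUID bit. The function names and status words are hypothetical, and the version comparison is a simplified numeric one rather than rpm's own algorithm.

```shell
#!/bin/sh
# Added example: checks the two remediations in this advisory.
# Function names and status words are this example's own (hypothetical).

# Fixed polkit version-release for an EulerOS release, as listed above.
fixed_polkit_for() {
    case "$1" in
        2.10) echo "0.116-6.h4" ;;
        2.9)  echo "0.116-5.h7" ;;
        2.8)  echo "0.115-2.h14" ;;
        2.5)  echo "0.112-14.h15" ;;
        *)    return 1 ;;
    esac
}

# Succeeds if installed version-release $1 is at or above fixed version $2.
# Simplified: compares only the numeric fields, left to right (so h14 > h7);
# this is not rpm's full comparison. Extra trailing fields in $1, such as a
# dist tag, are ignored.
polkit_is_fixed() {
    have_fields=$(printf '%s\n' "$1" | sed 's/[^0-9]/ /g')
    want_fields=$(printf '%s\n' "$2" | sed 's/[^0-9]/ /g')
    set -- $have_fields
    for want in $want_fields; do
        have=${1:-0}
        if [ "$have" -gt "$want" ]; then return 0; fi
        if [ "$have" -lt "$want" ]; then return 1; fi
        if [ $# -gt 0 ]; then shift; fi
    done
    return 0
}

# Succeeds if the file at $1 still has the SUID bit set.
pkexec_is_suid() { [ -u "$1" ]; }

# Prints patched | mitigated | vulnerable | unknown-release.
# $1 = pkexec path, $2 = installed polkit version-release, $3 = EulerOS release
pwnkit_status() {
    fixed=$(fixed_polkit_for "$3") || { echo "unknown-release"; return 0; }
    if polkit_is_fixed "$2" "$fixed"; then echo "patched"
    elif pkexec_is_suid "$1"; then echo "vulnerable"
    else echo "mitigated"
    fi
}

# On a host: pwnkit_status /usr/bin/pkexec \
#     "$(rpm -q --qf '%{VERSION}-%{RELEASE}' polkit)" 2.9
```

A result of "mitigated" means only that the SUID bit is absent; the package itself is still below the fixed version and should be upgraded when a patch is available.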