Reviewed-by: gtema <artem.goncharov@gmail.com> Co-authored-by: Dong, Qiu Jian <qiujiandong1@huawei.com> Co-committed-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034)
I. Overview
Recently, a security research team disclosed a privilege escalation vulnerability (CVE-2021-4034, also dubbed PwnKit) in Polkit's pkexec. By exploiting this vulnerability, unprivileged users can gain full root privileges on a vulnerable host in its default configuration. Proof-of-concept (POC) and exploit (EXP) code for this vulnerability has been publicly disclosed, and the risk is high.
Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. pkexec is a part of the Polkit framework. It executes commands with elevated permissions and is an alternative to sudo. If you are a Polkit user, check your Polkit version and implement timely security hardening.
Reference link: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
II. Severity
Severity: important
(Severity levels: low, moderate, important, and critical)
III. Affected Products
Affected versions: all mainstream Linux versions
Secure versions: View the security bulletins of Linux vendors.
IV. Vulnerability Handling
- Currently, Linux vendors, such as Red Hat, Ubuntu, Debian, and SUSE, have released patches to fix this vulnerability. Upgrade your Linux OS to a secure version. If you are unable to update it in a timely manner, you can mitigate the risk by referring to the official suggestions provided by these vendors.
Vendor advisories: Red Hat; Ubuntu (USN-5252-1, USN-5252-2); Debian; SUSE
- EulerOS has released a patch. You only need to upgrade the polkit package (.rpm).
- If no patch is available for your system, run the following command as root to remove the SUID bit from pkexec: # chmod 0755 /usr/bin/pkexec
Before fixing vulnerabilities, back up your files and conduct a thorough test.
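The following shell functions are an added example, not part of the original advisory or any vendor tooling: they report whether the SUID bit is still set on pkexec and apply the chmod 0755 mitigation described above, then confirm it took effect. The function names and the PKEXEC_PATH override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit and apply the SUID mitigation for CVE-2021-4034.
# Function names and PKEXEC_PATH are hypothetical, chosen for this example.

# Print the SUID state of a pkexec binary: missing | suid-set | suid-cleared
pkexec_suid_status() {
    path=$1
    if [ ! -e "$path" ]; then
        echo "missing"
    elif [ -u "$path" ]; then          # -u: set-user-ID bit is set
        echo "suid-set"
    else
        echo "suid-cleared"
    fi
}

# Apply the advisory's mitigation (chmod 0755) and verify the result.
# Returns 0 when the SUID bit is absent afterwards, 1 otherwise.
mitigate_pkexec() {
    path=$1
    # Nothing to do if the file is missing or already mitigated.
    [ "$(pkexec_suid_status "$path")" = "suid-set" ] || return 0
    chmod 0755 "$path" || return 1
    [ "$(pkexec_suid_status "$path")" = "suid-cleared" ]
}

# Report only; call mitigate_pkexec explicitly (as root) to change the mode.
target=${PKEXEC_PATH:-/usr/bin/pkexec}
echo "$target: $(pkexec_suid_status "$target")"
```

With the SUID bit removed, pkexec can no longer elevate privileges for unprivileged users, and reinstalling or updating the polkit package can restore the original mode, so re-run the status check after package operations.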