vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/cce/umn/CVE-2021-4034.html
Dong, Qiu Jian b05d81fd8b CCE UMN for 1.23 reuploaded -20221103 
Reviewed-by: gtema <artem.goncharov@gmail.com>
Co-authored-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
Co-committed-by: Dong, Qiu Jian <qiujiandong1@huawei.com>
2022-11-10 19:50:29 +00:00

29 lines
6.0 KiB
HTML
Raw Permalink Blame History

<a name="CVE-2021-4034"></a><a name="CVE-2021-4034"></a>
<h1 class="topictitle1">Linux Polkit Privilege Escalation Vulnerability (CVE-2021-4034)</h1>
<div id="body32001227"><div class="section" id="CVE-2021-4034__en-us_topic_0000001205409448_section197341929105811"><h4 class="sectiontitle"><strong id="CVE-2021-4034__en-us_topic_0000001205409448_b17634353123819">I. Overview</strong></h4><p id="CVE-2021-4034__en-us_topic_0000001205409448_p3984172225815">Recently, a security research team disclosed a privilege escalation vulnerability (CVE-2021-4034, also dubbed PwnKit) in PolKit's pkexec. Unprivileged users can gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration. Currently, the POC/EXP of this vulnerability has been disclosed, and the risk is high.</p>
<p id="CVE-2021-4034__en-us_topic_0000001205409448_p3984112218589">Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. pkexec is a part of the Polkit framework. It executes commands with elevated permissions and is an alternative to Sudo. If you are a Polkit user, check your Polkit version and implement timely security hardening.</p>
<p id="CVE-2021-4034__en-us_topic_0000001205409448_p15984192219589">Reference link: <a href="https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt" target="_blank" rel="noopener noreferrer">https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt</a></p>
</div>
<div class="section" id="CVE-2021-4034__en-us_topic_0000001205409448_section1620364219588"><h4 class="sectiontitle"><strong id="CVE-2021-4034__en-us_topic_0000001205409448_b734891310403">II. Severity</strong></h4><p id="CVE-2021-4034__en-us_topic_0000001205409448_p59841722115811">Severity: important</p>
<p id="CVE-2021-4034__en-us_topic_0000001205409448_p15984182245818">(Severity: low, moderate, important, and critical)</p>
</div>
<div class="section" id="CVE-2021-4034__en-us_topic_0000001205409448_section5543180603"><h4 class="sectiontitle"><strong id="CVE-2021-4034__en-us_topic_0000001205409448_b251116224404">III. Affected Products</strong></h4><p id="CVE-2021-4034__en-us_topic_0000001205409448_p498492225816">Affected versions: all mainstream Linux versions</p>
<p id="CVE-2021-4034__en-us_topic_0000001205409448_p1498432217586">Secure versions: View the security bulletins of Linux vendors.</p>
</div>
<div class="section" id="CVE-2021-4034__en-us_topic_0000001205409448_section723118310015"><h4 class="sectiontitle"><strong id="CVE-2021-4034__en-us_topic_0000001205409448_b1115413522408">IV. Vulnerability Handling</strong></h4><ol id="CVE-2021-4034__en-us_topic_0000001205409448_ol73025219296"><li id="CVE-2021-4034__en-us_topic_0000001205409448_li12302182152916">Currently, Linux vendors, such as Red Hat, Ubuntu, Debian, and SUSE, have released patches to fix this vulnerability. Upgrade your Linux OS to a secure version. If you are unable to update it in a timely manner, you can mitigate the risk by referring to the official suggestions provided by these vendors.<p id="CVE-2021-4034__en-us_topic_0000001205409448_p202482241291"><a name="CVE-2021-4034__en-us_topic_0000001205409448_li12302182152916"></a><a name="en-us_topic_0000001205409448_li12302182152916"></a><a href="https://access.redhat.com/security/security-updates/#/security-advisories" target="_blank" rel="noopener noreferrer">RedHat</a>, Ubuntu: <a href="https://ubuntu.com/security/notices/USN-5252-1" target="_blank" rel="noopener noreferrer">USN-5252-1</a>, <a href="https://ubuntu.com/security/notices/USN-5252-2" target="_blank" rel="noopener noreferrer">USN-5252-2</a>; <a href="https://security-tracker.debian.org/tracker/CVE-2021-4034" target="_blank" rel="noopener noreferrer">Debian</a>, <a href="https://www.suse.com/security/cve/CVE-2021-4034.html" target="_blank" rel="noopener noreferrer">SUSE</a></p>
</li><li id="CVE-2021-4034__en-us_topic_0000001205409448_li8302162116293">EulerOS has released a patch. You only need to upgrade the polkit package (.rpm).<p id="CVE-2021-4034__en-us_topic_0000001205409448_p9527162203113"><a name="CVE-2021-4034__en-us_topic_0000001205409448_li8302162116293"></a><a name="en-us_topic_0000001205409448_li8302162116293"></a>The upgrade method is as follows:</p>
<ol type="a" id="CVE-2021-4034__en-us_topic_0000001205409448_ol18799151153112"><li id="CVE-2021-4034__en-us_topic_0000001205409448_li1195516499315">yum clean all</li><li id="CVE-2021-4034__en-us_topic_0000001205409448_li0957649143115">yum makecache</li><li id="CVE-2021-4034__en-us_topic_0000001205409448_li1795912490314">yum update polkit</li><li id="CVE-2021-4034__en-us_topic_0000001205409448_li1496244973110">rpm -qa | grep polkit<p id="CVE-2021-4034__en-us_topic_0000001205409448_p13818193693117"><a name="CVE-2021-4034__en-us_topic_0000001205409448_li1496244973110"></a><a name="en-us_topic_0000001205409448_li1496244973110"></a>Check whether the OS has been upgraded to the corresponding version.</p>
<ul id="CVE-2021-4034__en-us_topic_0000001205409448_ul2700131112324"><li id="CVE-2021-4034__en-us_topic_0000001205409448_li370010115323">EulerOS 2.10: polkit-0.116-6.h4</li><li id="CVE-2021-4034__en-us_topic_0000001205409448_li47001411123219">EulerOS 2.9: polkit-0.116-5.h7</li><li id="CVE-2021-4034__en-us_topic_0000001205409448_li470081113326">EulerOS 2.8: polkit-0.115-2.h14</li><li id="CVE-2021-4034__en-us_topic_0000001205409448_li570051143217">EulerOS 2.5: polkit-0.112-14.h15</li></ul>
</li></ol>
</li><li id="CVE-2021-4034__en-us_topic_0000001205409448_li3302321132918">If no patch is available in your system, run the <strong id="CVE-2021-4034__en-us_topic_0000001205409448_b18506163310434"># chmod 0755 /usr/bin/pkexec</strong> command to delete SUID-bit from pkexec.</li></ol>
<p id="CVE-2021-4034__en-us_topic_0000001205409448_p109072344299">Before fixing vulnerabilities, back up your files and conduct a thorough test.</p>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="cce_bulletin_0169.html">Security Vulnerability Responses</a></div>
</div>
</div>
View Git Blame Copy Permalink