On January 26, 2022, a security advisory was issued for the Linux pkexec utility. The vulnerability is tracked as CVE-2021-4034 and rated high risk, with a CVSS score of 7.8. A proof of concept (PoC) for this vulnerability has already been made public.
The pkexec application is a setuid tool designed to let unprivileged users run commands as privileged users according to predefined policies. pkexec is installed by default on all major Linux distributions, including Ubuntu, Debian, Fedora and CentOS, and other distributions are probably exploitable as well. Any unprivileged local user can exploit this vulnerability to obtain full root privileges.
Vulnerability Detail
A local privilege escalation vulnerability exists in polkit's pkexec utility. The current version of pkexec does not correctly handle the case where it is called with an empty argument list, and ends up trying to execute the contents of an environment variable as a command. An attacker can exploit this by manipulating environment variables to induce pkexec to execute arbitrary code. Successful exploitation leads to local privilege escalation: an unprivileged user gains administrator rights.
Affected version
At present, the major Linux distributions have issued official security patches. Users are advised to upgrade to a patched version as soon as possible, or to follow the official instructions for mitigation. CentOS, Ubuntu and Debian users can refer to the following links:
- https://ubuntu.com/security/CVE-2021-4034
- https://access.redhat.com/security/cve/CVE-2021-4034
- https://security-tracker.debian.org/tracker/CVE-2021-4034