CVE-2021-4034

Description from NVD

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

Information Acquisition Date:2022-08-21T06:00Z
CVSS 2.0: 7.2 HIGH CVSS 3.x: 7.8 HIGH

▼ CVSS3 Vec CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:L/AC:L/Au:N/C:C/I:C/A:C

NVD References

 https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
     source:MISC
     tags:Exploit    Mitigation    Third Party Advisory    
 https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
     source:MISC
     tags:Mitigation    Vendor Advisory    
 https://bugzilla.redhat.com/show_bug.cgi?id=2025869
     source:MISC
     tags:Issue Tracking    Patch    Vendor Advisory    
 https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
     source:MISC
     tags:Patch    Third Party Advisory    
 http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html
     source:MISC
     tags:Exploit    Third Party Advisory    VDB Entry    
 http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html
     source:MISC
     tags:Third Party Advisory    
 https://www.suse.com/support/kb/doc/?id=000020564
     source:MISC
     tags:Third Party Advisory    
 https://www.oracle.com/security-alerts/cpuapr2022.html
     source:MISC
     tags:
 https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf
     source:CONFIRM
     tags:

This vulnerability may involve a PoC.

Description from Forti

USN-5252-2 USN-5252-2: PolicyKit vulnerability

Information Acquisition Date:2022/03/08

Affected Products

Impact

Recommended Actions

References

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag: Apache(1 tweets) Linux(3 tweets) OpenSSL(1 tweets)



List of frequently cited URLs

URLNum of Times Referred to
http://vulmon.com/vulnerabilitydetails?qid=CVE1377
http://patrowl.io266
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...235
https://blog.qualys68
https://cvetrends.com49
http://twinybots.ch31
http://cyberiqs.com/latestnews28
https://seclists.org/oss-sec/2022/q1/8028
https://lists.astaro.com/ASGV9-IPS-rules.html#015
https://haxx13
https://thehackernews.com/2022/01/12-year-old-polkit-flaw-l...9
https://news.ycombinator.com/item?id=300772718
https://unaaldia.hispasec.com/2022/02/prueba-de-concepto-pw...8
https://haxx.in/files/blasty-vs-pkexec.c7
http://feeds.feedburner.com/~ff/linuxquestions/latest?d=yIl...7
https://sysdig.com/blog/cve-2022-0185-container-escape6
https://opsmtrs.com/3hDMd1H6
https://csirt.gov.it/contenuti/vulnerabilita-pwnkit-cve-202...6
https://securityaffairs.co/wordpress/127199/security/linux-...6
https://securityonline.info/poc-cve-2021-4034-linux-polkit-...6
https://www.cyberark.com/resources/threat-research-blog/che...5
https://qiita.com/nw-engineer/items/ccbc8514594b4d1c85fb4
https://ariadne.space/2022/01/27/cve-2021-40344
https://www.openwall.com/lists/oss-security/2022/01/25/114
https://www.helpnetsecurity.com/2022/01/26/cve-2021-40344
https://ift.tt/3nWIQ883
https://youtu.be/Nzg-_FJFz0g3
http://earmas.ga3
https://sysdig.jp/blog/detecting-mitigating-cve-2021-4034-s...3
https://github.com/arthepsy/CVE-2021-40343
https://ubuntu.com/security/CVE-2021-40343
https://twitter.com/BleepinComputer/status/14860774967434158103
https://crowdsec.net/blog/pwnkit-avoid-privilege-escalation...3
https://gigazine.net/news/20220127-linux-polkit-bug-gives-a...3
https://isc.sans.edu/diary/rss/282723
https://socprime.com/blog/detect-cve-2021-4034-a-notorious-...3
https://tryhackme.com/room/pwnkit3
https://www.zdnet.com/article/major-linux-policykit-securit...3
https://go.trellix.com/3Lgz9Mb3
https://www.cybrary.it/podcasts/cybrary-podcasts/mitigating...3
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt3
https://arstechnica.com/information-technology/2022/01/a-bu...3
https://blog.qualys.com/vulnerabilities-threat-research/202...3
https://cloud.google.com/kubernetes-engine/docs/release-notes3
http://www.kitploit.com/2022/03/pwnkit-exploit-proof-of-con...3
https://access.redhat.com/security/cve/CVE-2021-40343
https://www.makeuseof.com/what-is-the-cve-2021-4034-polkit-...3
https://www.hackthebox.com/blog/The-tale-of-CVE-2021-4034-A...3
https://alas.aws.amazon.com/cve/html/CVE-2021-4034.html3
https://www.crowdstrike.com/blog/hunting-pwnkit-local-privi...3
https://ryiron.wordpress.com/2013/12/16/argv-silliness3
https://le-guide-du-secops.fr/2022/01/26/pwnkit-local-privi...3
https://le-guide-du-sysops.fr/index.php/2022/01/26/pwnkit-l...3
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5...3
https://www.hackingarticles.in/linux-privilege-escalation-p...3
https://packetstormsecurity.com/files/1657283
https://research.trendmicro.com/34tVTrt3
https://www.bleepingcomputer.com/news/security/linux-system...3
https://raw.githubusercontent.com/arthepsy/CVE-2021-4034/ma...3
https://globalsecuritydatabase.org3
https://security-tracker.debian.org/tracker/CVE-2021-40343

Information from Twitter

User URL Info Source Date
decodebytes https://twitter.com/decodebytes/status/1635972060647247872/... Source decodebytes      1635972060647247872 2023/03/15
HackersNews247 https://hackersnews.co.uk/pwnkit-local-privilege-escalation... Source HackersNews247   1636927038207524865 2023/03/18
HackersNews247 https://twitter.com/HackersNews247/status/16369270382075248... Source HackersNews247   1636927038207524865 2023/03/18
buaqbot https://ift.tt/u8xQwg0 Source buaqbot          1639054844668547077 2023/03/24
buaqbot https://ift.tt/am1yv0q Source buaqbot          1639054844668547077 2023/03/24
sicehice https://twitter.com/sicehice/status/1639251947332194305/pho... Source sicehice         1639251947332194305 2023/03/24
manea_sa_bot https://twitter.com/manea_sa_bot/status/1641786992798179332... Source manea_sa_bot     1641786992798179332 2023/03/31
root_angel01 https://tryhackme.com/room/pwnkit Source root_angel01     1645867137397936145 2023/04/12
DillionLiz98249 https://twitter.com/DillionLiz98249/status/1646717665887518... Source DillionLiz98249 1646717668437770240 2023/04/14

List of frequently cited URLs

URLNum of Times Referred to
vulmon.com1377
patrowl.io266
alerts.vulmon.com235
blog.qualys68
cvetrends.com49
twinybots.ch31
cyberiqs.com28
seclists.org28
lists.astaro.com15
haxx13
thehackernews.com9
news.ycombinator.com8
unaaldia.hispasec.com8
haxx.in7
feeds.feedburner.com7
sysdig.com6
opsmtrs.com6
csirt.gov.it6
securityaffairs.co6
securityonline.info6
www.cyberark.com5
qiita.com4
ariadne.space4
www.openwall.com4
www.helpnetsecurity.com4
ift.tt3
youtu.be3
earmas.ga3
sysdig.jp3
github.com3
ubuntu.com3
twitter.com3
crowdsec.net3
gigazine.net3
isc.sans.edu3
socprime.com3
tryhackme.com3
www.zdnet.com3
go.trellix.com3
www.cybrary.it3
www.qualys.com3
arstechnica.com3
blog.qualys.com3
cloud.google.com3
www.kitploit.com3
access.redhat.com3
www.makeuseof.com3
www.hackthebox.com3
alas.aws.amazon.com3
www.crowdstrike.com3
ryiron.wordpress.com3
le-guide-du-secops.fr3
le-guide-du-sysops.fr3
gitlab.freedesktop.org3
www.hackingarticles.in3
packetstormsecurity.com3
research.trendmicro.com3
www.bleepingcomputer.com3
raw.githubusercontent.com3
globalsecuritydatabase.org3
security-tracker.debian.org3

Information from Twitter

User URL Info Source
decodebytes twitter.com Show Tweet
HackersNews247 hackersnews.co.uk Show Tweet
HackersNews247 twitter.com Show Tweet
buaqbot ift.tt Show Tweet
buaqbot ift.tt Show Tweet
sicehice twitter.com Show Tweet
manea_sa_bot twitter.com Show Tweet
root_angel01 tryhackme.com Show Tweet
DillionLiz98249 twitter.com Show Tweet

GitHub Search Results: Up to 10
NameURL
berdav/CVE-2021-4034 https://github.com/berdav/CVE-2021-4034
arthepsy/CVE-2021-4034 https://github.com/arthepsy/CVE-2021-4034
nikaiw/CVE-2021-4034 https://github.com/nikaiw/CVE-2021-4034
dzonerzy/poc-cve-2021-4034 https://github.com/dzonerzy/poc-cve-2021-4034
ryaagard/CVE-2021-4034 https://github.com/ryaagard/CVE-2021-4034
Ayrx/CVE-2021-4034 https://github.com/Ayrx/CVE-2021-4034
ly4k/PwnKit https://github.com/ly4k/PwnKit
zhzyker/CVE-2021-4034 https://github.com/zhzyker/CVE-2021-4034
joeammond/CVE-2021-4034 https://github.com/joeammond/CVE-2021-4034
Rvn0xsy/CVE-2021-4034 https://github.com/Rvn0xsy/CVE-2021-4034

GitHub Search Results: Up to 10
NameURL
berdav/CVE-2021-4034 github.com
arthepsy/CVE-2021-4034 github.com
nikaiw/CVE-2021-4034 github.com
dzonerzy/poc-cve-2021-4034 github.com
ryaagard/CVE-2021-4034 github.com
Ayrx/CVE-2021-4034 github.com
ly4k/PwnKit github.com
zhzyker/CVE-2021-4034 github.com
joeammond/CVE-2021-4034 github.com
Rvn0xsy/CVE-2021-4034 github.com

2023/04/14 Score : 0
Added Har-sia Database : 2022/01/26
Last Modified : 2023/04/14
Highest Scored Date : 2022/01/26
Highest Score : 621