← voltar
CVE-2021-4034

CVE-2021-4034

CVSS 7.8 HIGHEPSS 94.9%● KEVCWE-787
Em resumo

Uma falha na ferramenta pkexec do polkit permite que usuários sem privilégios executem comandos arbitrários com privilégios administrativos ao manipular variáveis de ambiente. Isso ocorre porque o pkexec processa incorretamente seus parâmetros de entrada e executa acidentalmente variáveis de ambiente como se fossem comandos.

Detalhe técnico

CVE-2021-4034 é um estouro de buffer (CWE-787) no processamento de argumentos do pkexec que causa a interpretação de variáveis de ambiente como comandos executáveis. Um atacante local sem privilégios pode criar variáveis de ambiente maliciosas para alcançar execução arbitrária de código com privilégios de root; a vulnerabilidade requer apenas acesso local e sem autenticação, resultando em escalação completa de privilégio.

Resumo gerado e traduzido por IA a partir da descrição oficial.
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
n/a · polkit
PoCs públicas encontradas76
githubgithub.com/berdav/CVE-2021-40342040githubgithub.com/ly4k/PwnKit1312githubgithub.com/arthepsy/CVE-2021-40341156githubgithub.com/PwnFunction/CVE-2021-4034351githubgithub.com/dadvlingd/CVE-2021-403420githubgithub.com/chenaotian/CVE-2021-403412githubgithub.com/wudicainiao/cve-2021-403410githubgithub.com/rvzsec/CVE-2021-40348githubgithub.com/Y3A/CVE-2021-40344githubgithub.com/tahaafarooq/poppy4githubgithub.com/artemis-mike/cve-2021-40343githubgithub.com/Pixailz/CVE-2021-40342githubgithub.com/jayhutajulu1/PwnKit-CVE-2021-40342githubgithub.com/wechicken456/CVE-2021-4034-CTF-writeup2githubgithub.com/Nosferatuvjr/PwnKit2githubgithub.com/A1vinSmith/CVE-2021-40341githubgithub.com/jehovah2002/CVE-2021-4034-pwnkit1githubgithub.com/ropydev/CVE-2021-4034-PwnKit1githubgithub.com/mutur4/CVE-2021-40341githubgithub.com/h3x0v3rl0rd/CVE-2021-4034_Python31githubgithub.com/CYB3RK1D/CVE-2021-4034-POC1githubgithub.com/jscamposx/hack1githubgithub.com/dr4xp/pwnkit-helper1githubgithub.com/cdxiaodong/CVE-2021-4034-touch1githubgithub.com/devianntsec/CVE-2021-40341githubgithub.com/usmansec/-CVE-2021-40341githubgithub.com/trinetra-1308/PwnKit-1githubgithub.com/xcanwin/CVE-2021-4034-UniontechOS1githubgithub.com/nagorealbisu/CVE-2021-40340githubgithub.com/igonzalez357/CVE-2021-4034-PwnKit-0githubgithub.com/ikerSandoval003/CVE-2021-40340githubgithub.com/AsierEgana/cve-2021-40340githubgithub.com/Z3R0space/CVE-2021-40340githubgithub.com/Milad-Rafie/PwnKit-Local-Privilege-Escalation-Vulnerability-Discovered-in-polkit-s-pkexec-CVE-2021-40340githubgithub.com/kali-guru/Pwnkit-CVE-2021-40340githubgithub.com/BugVex/Poison-HTB-Report0githubgithub.com/boro03/CVE-2021-40340githubgithub.com/ramahmdr/PwnKit0githubgithub.com/Abbykito/KERNELexploits0githubgithub.com/Allu-mette/cve-2021-40340githubgithub.com/vaibhavkrishna12004/ubuntu-privesc-lab0githubgithub.com/Murguii/DEV-CVE-2021-40340githubgithub.com/B1gN0Se/PwnKit_CVE-2021-40340githubgithub.com/vorkampfer/pwnkit_safety_check0githubgithub.com/Leemyunglyul/cve-2021-4034-mock0githubgithub.com/marcosChoucino/CVE-2021-40340githubgithub.com/galoget/PwnKit-CVE-2021-40340githubgithub.com/0x4ndy/CVE-2021-4034-PoC0githubgithub.com/antoinenguyen-09/CVE-2021-40340githubgithub.com/TanmoyG1800/CVE-2021-40340githubgithub.com/CronoX1/CVE-2021-40340githubgithub.com/supportingmx/cve-2021-40340githubgithub.com/HellGateCorp/pwnkit0githubgithub.com/Silencecyber/cve-2021-40340githubgithub.com/Geni0r/cve-2021-4034-poc0githubgithub.com/toecesws/CVE-2021-40340githubgithub.com/fei9747/CVE-2021-40340githubgithub.com/pyhrr0/pwnkit0githubgithub.com/ps-interactive/lab_cve-2021-4034-polkit-emulation-and-detection0githubgithub.com/asepsaepdin/CVE-2021-40340githubgithub.com/JohnGilbert57/CVE-2021-4034-Capture-the-flag0githubgithub.com/Part01-Pai/Polkit-Permission-promotion-compiled0githubgithub.com/LucasPDiniz/CVE-2021-40340githubgithub.com/Pol-Ruiz/CVE-2021-40340githubgithub.com/cerodah/CVE-2021-40340githubgithub.com/FancySauce/PwnKit-CVE-2021-40340githubgithub.com/ASG-CASTLE/CVE-2021-40340githubgithub.com/X-Projetion/Exploiting-PwnKit-CVE-2021-4034-0githubgithub.com/evkl1d/CVE-2021-40340githubgithub.com/zxybfq/CVE-2021-40340githubgithub.com/EuJin03/CVE-2021-4034-PoC0githubgithub.com/dh4r4/PwnKit-CVE-2021-4034-0githubgithub.com/12bijaya/CVE-2021-4034-PwnKit-0cve_referencepacketstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.htmlnão verificadoexploitdbwww.exploit-db.com/exploits/50689não verificadocve_referencepacketstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.htmlnão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.htmlhttps://access.redhat.com/security/vulnerabilities/RHSB-2022-001https://bugzilla.redhat.com/show_bug.cgi?id=2025869https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdfhttps://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034https://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txthttps://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/https://www.starwindsoftware.com/security/sw-20220818-0001/https://www.suse.com/support/kb/doc/?id=000020564