PwnKit: Local privilege escalation vulnerability discovered in polkit pkexec (CVE-2021-4034)

March 10, 2022

About Polkit pkexec for Linux

The Qualys Research Team has discovered a privilege escalation vulnerability on Linux systems. The vulnerability is present in polkit's pkexec, a SUID-root program that is installed by default on most Linux distributions.

 

Polkit (formerly PolicyKit) is a component for controlling system-wide privileges on Unix-like operating systems. It provides an organized way for unprivileged processes to communicate with privileged processes. Polkit can also be used to execute commands with elevated privileges: the pkexec command, followed by the command to be executed, runs that command with root permission. The vulnerability was traced back to the initial commit of pkexec, over 12 years ago, which means that all versions of Polkit are affected.

Researchers at information security firm Qualys found that local attackers could use the pkexec program to escalate to root privileges on default installations of Ubuntu, Debian, Fedora, and CentOS, and likely other Linux distributions.

 

Potential Impact of the PwnKit Vulnerability

Successful exploitation of this vulnerability allows any non-privileged user to gain root privileges on the vulnerable host. Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and gain full root privileges on default installations of Ubuntu, Debian, Fedora, and CentOS.

Solution: How to patch the PwnKit vulnerability?

Given the breadth of the attack surface for this vulnerability across Linux and non-Linux operating systems, ES Consulting recommends that users apply patches for this vulnerability immediately.
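
To decide which hosts need the patch checked first, the following added example (not part of the original advisory) reports whether pkexec is installed SUID-root, the precondition described above. The candidate paths and the function names are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example, not from the original advisory.
# Reports whether pkexec is installed SUID-root on this host.

# Classify one path: prints missing | no-suid | suid-nonroot | suid-root
pkexec_suid_status() {
    target=$1
    if [ ! -e "$target" ]; then
        echo "missing"
        return 0
    fi
    # -u is true when the set-user-ID bit is set (symlinks are followed)
    if [ ! -u "$target" ]; then
        echo "no-suid"
        return 0
    fi
    # Third field of "ls -ln" is the numeric owner UID; -L dereferences symlinks
    owner=$(ls -lnLd -- "$target" | awk '{print $3}')
    if [ "$owner" = "0" ]; then
        echo "suid-root"
    else
        echo "suid-nonroot"
    fi
}

# Print the status of every path given; return 1 if any is SUID-root
audit_pkexec() {
    found=0
    for p in "$@"; do
        st=$(pkexec_suid_status "$p")
        printf '%s: %s\n' "$p" "$st"
        if [ "$st" = "suid-root" ]; then
            found=1
        fi
    done
    return "$found"
}

# Candidate install paths are assumptions; adjust for your distribution.
audit_pkexec /usr/bin/pkexec /usr/local/bin/pkexec ||
    echo "SUID-root pkexec found: confirm the vendor's polkit update is installed"
```

A patched pkexec is still SUID-root, so a "suid-root" result marks a host whose polkit package version must be checked against the distribution's advisory; it does not by itself show that the host is vulnerable.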
