A local privilege escalation vulnerability was recently found in the pkexec utility provided by the Polkit package. The pkexec utility does not correctly handle command-line parameters. This allows unprivileged local users to escalate their privileges by injecting parameters and take control of affected operating systems.
Detected vulnerability
Vulnerability ID: CVE-2021-4034
Vulnerability severity: high
Affected versions: all major Linux distributions
Details
The CVE-2021-4034 vulnerability is a memory corruption vulnerability in the pkexec utility of Polkit. The pkexec utility is a setuid-root program that is installed on every major Linux distribution and allows unprivileged users to run commands as privileged users based on predefined policies. The current version of pkexec does not correctly handle command-line parameters. An attacker can exploit this vulnerability by crafting environment variables to induce pkexec to execute arbitrary code. Successful exploitation of this vulnerability can cause a local privilege escalation and grant unprivileged users administrative permissions on affected operating systems.
Security suggestions
The CVE-2021-4034 vulnerability has been fixed in the following versions of Polkit for Anolis OS and Alibaba Cloud Linux:
Anolis OS 7: polkit-0.112-26.an7.1
Anolis OS 8: polkit-0.115-13.an8_5.1
Alibaba Cloud Linux 2: polkit-0.112-26.3.al7.1
Alibaba Cloud Linux 3: polkit-0.115-13.al8.1
Other Linux distributions have provided security patches to fix this vulnerability. We recommend that you upgrade your Polkit to a secure version at your earliest convenience. For information about Ubuntu, Red Hat, CentOS, and Debian official announcements on this vulnerability, see the following documents:
Some commands used to upgrade Polkit:
For CentOS operating systems, run the following command to upgrade Polkit to a secure version:
yum clean all && yum makecache && yum update polkit -y
After Polkit is upgraded, you can run the following command to view the Polkit version and check whether the version is a secure one:
rpm -qa polkit
For Ubuntu operating systems, run the following command to upgrade Polkit to a secure version:
sudo apt-get update && sudo apt-get install policykit-1
After Polkit is upgraded, you can run the following command to view the Polkit version and check whether the version is a secure one:
dpkg -l policykit-1
References
Announcing party
Alibaba Cloud Computing Co., Ltd.