CVE-2021-4034

Опубликовано: 28 янв. 2022

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Высокий

Описание

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

Ссылки

http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html
Third Party Advisory
VDB Entry
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
Mitigation
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2025869
Issue Tracking
Patch
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf
Third Party Advisory
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
Patch
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
Exploit
Mitigation
Third Party Advisory
https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/
Exploit
Third Party Advisory
https://www.starwindsoftware.com/security/sw-20220818-0001/
Third Party Advisory
https://www.suse.com/support/kb/doc/?id=000020564
Third Party Advisory
http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html
Exploit
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html
Third Party Advisory
VDB Entry
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
Mitigation
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2025869
Issue Tracking
Patch
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf
Third Party Advisory
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
Patch
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch
Third Party Advisory
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
Exploit
Mitigation
Third Party Advisory
https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*

Версия до 121 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*

cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*

cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:-:*:*:*

cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:*

cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_desktop:15:sp2:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:-:*:*

cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:sap:*:*

cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

Конфигурация 6

cpe:2.3:a:siemens:sinumerik_edge:*:*:*:*:*:*:*:*

Версия до 3.3.0 (исключая)

Конфигурация 7

Одновременно

cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*

Версия до 2.0 (исключая)

cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*

Конфигурация 8

Одно из

cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871:*:*:*:*:*:*

cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.88414

Высокий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-787

CWE-125

Связанные уязвимости

CVE-2021-4034

CVSS3: 7.8

ubuntu

больше 3 лет назад

CVE-2021-4034

CVSS3: 7.8

redhat

больше 3 лет назад

CVE-2021-4034

CVSS3: 7.8

msrc

больше 3 лет назад

Описание отсутствует

CVE-2021-4034

CVSS3: 7.8

debian

больше 3 лет назад

A local privilege escalation vulnerability was found on polkit's pkexe ...

openSUSE-SU-2022:0190-1

suse-cvrf

больше 3 лет назад

Security update for polkit

EPSS

Процентиль: 99%

0.88414

Высокий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-787

CWE-125