Polkit pkexec privilege elevation

Added: 01/27/2022
CVE: CVE-2021-4034

Background

Polkit is a Linux package for handling policies that allow unprivileged processes to communicate with privileged processes. It includes a tool called pkexec that allows the user to execute commands as another user according to the polkit policy.

Problem

A privilege elevation vulnerability in pkexec allows local unprivileged users to execute arbitrary commands with root privileges.

Resolution

Upgrade to Polkit 0.121 or higher when available, or apply a fix from your Linux vendor.

References

https://access.redhat.com/security/cve/CVE-2021-4034
https://gitlab.freedesktop.org/polkit/polkit/-/issues/166

Limitations

Exploit requires an existing unprivileged shell connection to the target.

Platforms

Linux

Back to exploit index