oss-sec mailing list archives
Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
From: Roman Medina-Heigl Hernandez <roman () rs-labs com>
Date: Wed, 26 Jan 2022 12:18:07 +0100
Exploit by blasty attached (also at: https://haxx.in/files/blasty-vs-pkexec.c).
PS: Untested because my Debian machine doesn't contain pkexec, even though Qualy's advisory says it is by default on Debian.
PS2: Since vuln is trivially exploitable other exploits will arise for sure. Well, indeed there are already other exploits. (eg: https://github.com/berdav/CVE-2021-4034).
Cheers, -r El 25/01/2022 a las 19:04, Sam James escribió:
On 25 Jan 2022, at 17:57, Qualys Security Advisory <qsa () qualys com> wrote: Qualys Security Advisory pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) [snip]Hi, For the benefit of downstreams: patch is available in gitlab [0] but no release yet. [0] https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 Best, sam
-- Saludos, -Román
Attachment:
blasty-vs-pkexec.c
Description:
Current thread:
- pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Qualys Security Advisory (Jan 25)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Sam James (Jan 25)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Roman Medina-Heigl Hernandez (Jan 26)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Henri Salo (Jan 26)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Erik Auerswald (Jan 26)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Chris Boot (Jan 27)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Roman Medina-Heigl Hernandez (Jan 26)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Sam James (Jan 25)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Dominik Czarnota (Jan 26)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Kai Lüke (Jan 27)
- Re: pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) Bastian Blank (Jan 27)