CVE-2021-4034 - polkit's pkexec - LPE

Industry: N/A | Level: Tactical | Sources: Qualys - Advisory & Qualys - Report

Qualys identifies a local privilege escalation vulnerability, CVE-2021-4034, in SUID-root program, polkit's pkexec. The program is present on all major Linux distributions including Ubuntu, Debian, Fedora and CentOS. The exploit of this vulnerability is described as trivial due to the ease of its execution, there have been various proofs-of-concept from security researchers released to help demonstrate the vulnerability. The impact of the issue can be widespread, presenting multiple advantages to attackers providing high privileges with applicability on all Linux distributions.

• Anvilogic Use Case: Potential CVE-2021-4034