2022-02-01

CVE-2021-4034 - Polkit's Pkexec - LPE

Level: Tactical | Source: Qualys - Advisory
Cybersecurity
Government & Technology


Qualys has identified a local privilege escalation vulnerability, CVE-2021-4034, in polkit's pkexec, a SUID-root program. The program is present on all major Linux distributions, including Ubuntu, Debian, Fedora and CentOS. Exploitation is described as trivial because it is so easy to carry out, and security researchers have released various proofs of concept to demonstrate the vulnerability. The impact can be widespread: the issue gives attackers high privileges and applies to all Linux distributions.

     
