26/01/2022

Exploit Code Available for PwnKit Vulnerability (CVE-2021-4034)

Summary:

On January 25, 2022, Qualys disclosed a PwnKit privilege escalation vulnerability (CVE-2021-4034) that affects the pkexec program installed by default on all major Linux distributions. Pkexec is a component of Polkit (formerly PolicyKit), which controls communication between privileged and non-privileged processes on a Linux system. By exploiting the PwnKit vulnerability, an attacker can escalate privileges on vulnerable hosts and gain root access.

Qualys describes exploitation as trivial, but an attacker must have local access to a vulnerable host. Exploit code is publicly available, but Secureworks(R) Counter Threat Unit(TM) (CTU) researchers have not observed active exploitation as of this publication.

Recommended actions:

Patches have been released for multiple Linux distributions. Customers should review the documentation listed in the references section and apply upgrades or mitigations as appropriate in their environment.

Questions:

If you have any questions or concerns about this advisory, please contact the SOC or please contact us via our support desk – support@empsn.org.uk

References:

Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

    Our partners