【Security Notice】Linux Polkit Permission Enhancement Vulnerability Risk Notice (CVE-2021-4034)
Pebris
2022 February Tuesday 8th18:10pm
Vulnerability details
Recently, foreign security teams announced that a local permission escalation vulnerability has been discovered in the pkexec program of Polkit. The pkexec application is a setuid tool designed to allow non privileged users to run commands as privileged users based on predefined policies.
Due to the current version of pkexec not being able to properly handle call parameter counting, it will eventually attempt to execute environment variables as commands. Attackers can induce pkexec to execute arbitrary code by controlling environment variables. After successful utilization, it can cause non privileged users to gain administrator privileges.
Risk level
High risk
Vulnerability risk
At present, the vulnerability POC has been leaked, and attackers can exploit this vulnerability to cause harm such as malicious user privilege escalation
Impact version
Due to the pre installed tools for the system, mainstream Linux versions are currently affected
Safe version
CentOS series:
CentOS 6: polkit-0.96-11.el6_10.2 (Tencent Cloud is not affected by default)
CentOS 7:polkit-0.112-26.el7_9.1
CentOS 8.0:polkit-0.115-13.el8_5.1
CentOS 8.2:polkit-0.115-11.el8_2.2
CentOS 8.4:polkit-0.115-11.el8_4.2
Ubuntu series:
Ubuntu 20.04 LTS:policykit-1 - 0.105-26ubuntu1.2Ubuntu 18.04 LTS:policykit-1 - 0.105-20ubuntu0.18.04.6
Ubuntu 16.04 ESM:policykit-1 - 0.105-14.1ubuntu0.5+esm1
Ubuntu 14.04 ESM:policykit-1 - 0.105-4ubuntu3.14.04.6+esm1
Repair suggestions
CentOS users can upgrade to a secure version or higher using the following command:
yum clean all && yum makecache
yum update polkit -y
You can check if Polkit is a secure version by using the following command:
rpm -qa polkit
Ubuntu users can upgrade to a secure version or higher using the following command:
sudo apt-get update
sudo apt-get install policykit-1
You can check if Polkit is a secure version by using the following command:
dpkg -l policykit-1
The official source has not been updated, and users can temporarily alleviate it by using the following command:
#Chmod 0755/usr/bin/pkexec
At present, the official Linux distributions have provided security patches. It is recommended that users upgrade to the secure version as soon as possible, or refer to the official instructions to alleviate the situation. CentOS, Ubuntu, and Debian users can refer to the following link:
https://ubuntu.com/security/CVE-2021-4034
https://access.redhat.com/security/cve/CVE-2021-4034
https://security-tracker.debian.org/tracker/CVE-2021-4034
[Note]: It is recommended that you do a good job of data backup before upgrading to avoid accidents
Help and Support
Come meet the Pebris team. We’re always excited to talk about cloud infrastructure and how you can use Pebris to grow and scale your business.
