A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
|
History
18 Oct 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Sep 2023, 19:45
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-125 |
13 Feb 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. |
02 Feb 2023, 21:21
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector |
25 Oct 2022, 16:59
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:starwindsoftware:starwind_hyperconverged_appliance:-:*:*:*:*:*:*:* cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338:*:*:*:*:*:* cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871:*:*:*:*:*:* |
|
First Time |
Starwindsoftware starwind Hyperconverged Appliance
Starwindsoftware command Center Starwindsoftware starwind Virtual San Starwindsoftware |
|
References | (MISC) https://www.starwindsoftware.com/security/sw-20220818-0001/ - Third Party Advisory |
11 Oct 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Oct 2022, 16:32
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:* cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:* cpe:2.3:a:siemens:sinumerik_edge:*:*:*:*:*:*:*:* |
|
First Time |
Oracle http Server
Siemens scalance Lpe9403 Siemens sinumerik Edge Oracle zfs Storage Appliance Kit Siemens scalance Lpe9403 Firmware Oracle Siemens |
|
References | (CONFIRM) https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf - Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html - Third Party Advisory, VDB Entry | |
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Third Party Advisory |
14 Jun 2022, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
20 Apr 2022, 00:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Apr 2022, 09:58
Type | Values Removed | Values Added |
---|---|---|
First Time |
Suse linux Enterprise Desktop
Suse manager Proxy Suse linux Enterprise Workstation Extension Suse Suse manager Server Suse enterprise Storage Suse linux Enterprise Server Suse linux Enterprise High Performance Computing |
|
CPE | cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:-:*:*:* cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_desktop:15:sp2:*:*:*:*:*:* cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:* cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:-:*:* cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:* cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:sap:*:* |
|
References | (MISC) http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html - Third Party Advisory | |
References | (MISC) https://www.suse.com/support/kb/doc/?id=000020564 - Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry |
14 Apr 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Mar 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Mar 2022, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
31 Jan 2022, 17:50
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux Desktop Redhat enterprise Linux Server Redhat enterprise Linux Eus Redhat enterprise Linux Server Tus Canonical ubuntu Linux Redhat enterprise Linux Server Aus Redhat enterprise Linux For Power Little Endian Eus Canonical Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux For Scientific Computing Redhat enterprise Linux For Power Big Endian Redhat enterprise Linux Server Update Services For Sap Solutions Polkit Project polkit Redhat enterprise Linux Workstation Polkit Project Redhat enterprise Linux Redhat enterprise Linux For Ibm Z Systems Eus Redhat enterprise Linux Server Eus Redhat |
|
References | (MISC) https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt - Exploit, Mitigation, Third Party Advisory | |
References | (MISC) https://access.redhat.com/security/vulnerabilities/RHSB-2022-001 - Mitigation, Vendor Advisory | |
References | (MISC) https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 - Patch, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2025869 - Issue Tracking, Patch, Vendor Advisory | |
CWE | CWE-787 | |
CVSS |
v2 : v3 : |
v2 : 7.2
v3 : 7.8 |
CPE | cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:* cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_eus:8.4:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:* cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* |
28 Jan 2022, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-28 20:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-4034
Mitre link : CVE-2021-4034
CVE.ORG link : CVE-2021-4034
JSON object : View
Products Affected
redhat
- enterprise_linux_server_aus
- enterprise_linux_server_tus
- enterprise_linux_eus
- enterprise_linux_for_ibm_z_systems
- enterprise_linux_for_power_little_endian_eus
- enterprise_linux_for_scientific_computing
- enterprise_linux_server_eus
- enterprise_linux_for_ibm_z_systems_eus
- enterprise_linux_workstation
- enterprise_linux_server
- enterprise_linux_for_power_little_endian
- enterprise_linux_for_power_big_endian
- enterprise_linux_desktop
- enterprise_linux
- enterprise_linux_server_update_services_for_sap_solutions
oracle
- http_server
- zfs_storage_appliance_kit
suse
- linux_enterprise_high_performance_computing
- enterprise_storage
- linux_enterprise_desktop
- linux_enterprise_server
- manager_server
- linux_enterprise_workstation_extension
- manager_proxy
siemens
- scalance_lpe9403_firmware
- scalance_lpe9403
- sinumerik_edge
starwindsoftware
- starwind_virtual_san
- starwind_hyperconverged_appliance
- command_center
polkit_project
- polkit
canonical
- ubuntu_linux