CVE-2021-4034
CVE-2021-4034
En resumen
Un fallo en la herramienta pkexec de polkit permite que usuarios sin privilegios ejecuten comandos arbitrarios con derechos administrativos manipulando variables de entorno. Esto ocurre porque pkexec procesa incorrectamente sus parámetros de entrada y ejecuta accidentalmente variables de entorno como si fueran comandos.
Detalle técnico
CVE-2021-4034 es un desbordamiento de búfer (CWE-787) en el análisis de argumentos de pkexec que causa la interpretación de variables de entorno como comandos ejecutables. Un atacante local sin privilegios puede crear variables de entorno maliciosas para lograr ejecución arbitraria de código con privilegios de root; la vulnerabilidad requiere solo acceso local y sin autenticación, resultando en escalada completa de privilegios.
Resumen generado y traducido por IA a partir de la descripción oficial.
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Productos afectados
n/a · polkitPoCs públicas encontradas — 76
githubgithub.com/berdav/CVE-2021-4034★ 2040githubgithub.com/ly4k/PwnKit★ 1312githubgithub.com/arthepsy/CVE-2021-4034★ 1156githubgithub.com/PwnFunction/CVE-2021-4034★ 351githubgithub.com/dadvlingd/CVE-2021-4034★ 20githubgithub.com/chenaotian/CVE-2021-4034★ 12githubgithub.com/wudicainiao/cve-2021-4034★ 10githubgithub.com/rvzsec/CVE-2021-4034★ 8githubgithub.com/Y3A/CVE-2021-4034★ 4githubgithub.com/tahaafarooq/poppy★ 4githubgithub.com/artemis-mike/cve-2021-4034★ 3githubgithub.com/Pixailz/CVE-2021-4034★ 2githubgithub.com/jayhutajulu1/PwnKit-CVE-2021-4034★ 2githubgithub.com/wechicken456/CVE-2021-4034-CTF-writeup★ 2githubgithub.com/Nosferatuvjr/PwnKit★ 2githubgithub.com/A1vinSmith/CVE-2021-4034★ 1githubgithub.com/jehovah2002/CVE-2021-4034-pwnkit★ 1githubgithub.com/ropydev/CVE-2021-4034-PwnKit★ 1githubgithub.com/mutur4/CVE-2021-4034★ 1githubgithub.com/h3x0v3rl0rd/CVE-2021-4034_Python3★ 1githubgithub.com/CYB3RK1D/CVE-2021-4034-POC★ 1githubgithub.com/jscamposx/hack★ 1githubgithub.com/dr4xp/pwnkit-helper★ 1githubgithub.com/cdxiaodong/CVE-2021-4034-touch★ 1githubgithub.com/devianntsec/CVE-2021-4034★ 1githubgithub.com/usmansec/-CVE-2021-4034★ 1githubgithub.com/trinetra-1308/PwnKit-★ 1githubgithub.com/xcanwin/CVE-2021-4034-UniontechOS★ 1githubgithub.com/nagorealbisu/CVE-2021-4034★ 0githubgithub.com/igonzalez357/CVE-2021-4034-PwnKit-★ 0githubgithub.com/ikerSandoval003/CVE-2021-4034★ 0githubgithub.com/AsierEgana/cve-2021-4034★ 0githubgithub.com/Z3R0space/CVE-2021-4034★ 0githubgithub.com/Milad-Rafie/PwnKit-Local-Privilege-Escalation-Vulnerability-Discovered-in-polkit-s-pkexec-CVE-2021-4034★ 0githubgithub.com/kali-guru/Pwnkit-CVE-2021-4034★ 0githubgithub.com/BugVex/Poison-HTB-Report★ 0githubgithub.com/boro03/CVE-2021-4034★ 0githubgithub.com/ramahmdr/PwnKit★ 0githubgithub.com/Abbykito/KERNELexploits★ 0githubgithub.com/Allu-mette/cve-2021-4034★ 0githubgithub.com/vaibhavkrishna12004/ubuntu-privesc-lab★ 0githubgithub.com/Murguii/DEV-CVE-2021-4034★ 0githubgithub.com/B1gN0Se/PwnKit_CVE-2021-4034★ 0githubgithub.com/vorkampfer/pwnkit_safety_check★ 0githubgithub.com/Leemyunglyul/cve-2021-4034-mock★ 0githubgithub.com/marcosChoucino/CVE-2021-4034★ 0githubgithub.com/galoget/PwnKit-CVE-2021-4034★ 0githubgithub.com/0x4ndy/CVE-2021-4034-PoC★ 0githubgithub.com/antoinenguyen-09/CVE-2021-4034★ 0githubgithub.com/TanmoyG1800/CVE-2021-4034★ 0githubgithub.com/CronoX1/CVE-2021-4034★ 0githubgithub.com/supportingmx/cve-2021-4034★ 0githubgithub.com/HellGateCorp/pwnkit★ 0githubgithub.com/Silencecyber/cve-2021-4034★ 0githubgithub.com/Geni0r/cve-2021-4034-poc★ 0githubgithub.com/toecesws/CVE-2021-4034★ 0githubgithub.com/fei9747/CVE-2021-4034★ 0githubgithub.com/pyhrr0/pwnkit★ 0githubgithub.com/ps-interactive/lab_cve-2021-4034-polkit-emulation-and-detection★ 0githubgithub.com/asepsaepdin/CVE-2021-4034★ 0githubgithub.com/JohnGilbert57/CVE-2021-4034-Capture-the-flag★ 0githubgithub.com/Part01-Pai/Polkit-Permission-promotion-compiled★ 0githubgithub.com/LucasPDiniz/CVE-2021-4034★ 0githubgithub.com/Pol-Ruiz/CVE-2021-4034★ 0githubgithub.com/cerodah/CVE-2021-4034★ 0githubgithub.com/FancySauce/PwnKit-CVE-2021-4034★ 0githubgithub.com/ASG-CASTLE/CVE-2021-4034★ 0githubgithub.com/X-Projetion/Exploiting-PwnKit-CVE-2021-4034-★ 0githubgithub.com/evkl1d/CVE-2021-4034★ 0githubgithub.com/zxybfq/CVE-2021-4034★ 0githubgithub.com/EuJin03/CVE-2021-4034-PoC★ 0githubgithub.com/dh4r4/PwnKit-CVE-2021-4034-★ 0githubgithub.com/12bijaya/CVE-2021-4034-PwnKit-★ 0cve_referencepacketstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.htmlno verificadoexploitdbwww.exploit-db.com/exploits/50689no verificadocve_referencepacketstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.htmlno verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.htmlhttps://access.redhat.com/security/vulnerabilities/RHSB-2022-001https://bugzilla.redhat.com/show_bug.cgi?id=2025869https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdfhttps://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034https://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txthttps://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/https://www.starwindsoftware.com/security/sw-20220818-0001/https://www.suse.com/support/kb/doc/?id=000020564