Pwnkit Local Linux Privesc Affecting Most Distros CVE-2021–4034 (12-year-old vulnerability?!)

WhoAmI

Hey I am Nour, I am a Second Year Software Engineering student who is interested in cyber security especially red teaming, and I am an “IBM Cyber Security Student Community” Leader where we learn cyber security together, also I am an AWS Community Builder and a CTF player (Try Hack Me)

and today we will talk about a very easy way to become root in most Linux distros

NOTE: This Is For Educational Purposes Only

Introduction

Who found the vulnerability?

What is the vulnerability?

  • It is a memory corruption vulnerability in polkit’s pkexec

But what is polkit’s pkexec?

  • SUID-root program that is installed by default on every major Linux distribution (Ubuntu, Debian, Fedora, CentOS, …)
  • It provides an organized way for non-privileged processes to communicate with privileged processes

How does it work?

The out-of-bounds write enables the reintroduction of “unsecure” environment variables into pkexec’s environment and this leads to becoming root (For more information you can read the official blog)

Quick Patch for PWNKIT

chmod 0755 /usr/bin/pkexec

PoC

Resources

Newsletter

I will be sharing my learning journey, cyber security news, new CVEs and study resources, and more, feel free to subscribe 😊 and please don’t forget to drink water 🌊

⭐I love connecting with different people so if you want to say hi, I’ll be happy to meet you more! :)

LinkedIn
Twitter

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store