Polkit security update-CVE-2021-4034

April 23, 2022

NAME

Polkit ProjectPolkit

  • Platforms Affected:
    Polkit

  • Risk Level:
    high

  • CVE Type:
    Privilege escalation

DESCRIPTION

CVE-2021-4034 is a privilege escalation vulnerability impacting Polkit versions 0.120 and earlier. A Metasploit module was observed in open source and subsequently shared in the underground. Additionally, a walk-through demo of an exploit was shared via Vimeo. Local access on the system is a prerequisite to exploit this issue. A successful exploitation of this vulnerability would allow an attacker to gain a root access on the vulnerable host.

CVSS Information:

  • CVSS 2.0 SCORE:
  • CVSS 3.0 SCORE: 7.8

  • Exploit Disclosed in the Public:
    true

  • Exploit Weaponised:
    true

  • PoC Link:
    hXXps://github[.]com/arthepsy/CVE-2021-4034

MITIGATION

Polkit Project addressed the vulnerability in a GitLab software development platform with a patch.

  • Reference Link:
    https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683

  • Patch Available:
    available

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

image

[MEOW] – Ransomware Victim: Zyloware

November 14, 2024
image

[MEOW] – Ransomware Victim: Cottles Asphalt Maintenance Inc

November 14, 2024
image

[MEOW] – Ransomware Victim: Karl Malone Toyota

November 14, 2024
image

[MEOW] – Ransomware Victim: Pine Belt Cars

November 14, 2024
image

[MEOW] – Ransomware Victim: J[.]S[.]T[.] Espana

November 14, 2024