Polkit

wikipedia:Polkit Authorization Framework

https://linux.die.net/man/8/polkit

pkexec command included in policykit-1 package
PwnKit (CVE-2021-4034), CVSS: High severity

Vulnerability[edit]

A memory corruption vulnerability PwnKit (CVE-2021-4034^[1]) discovered in the pkexec command (installed on all major Linux distributions) was announced on January 25, 2022.^[2]^[3] The vulnerability dates back to the original distribution from 2009. The vulnerability received a CVSS score of 7.8 ("High severity") reflecting serious factors involved in a possible exploit: unprivileged users can gain full root privileges, regardless of the underlying machine architecture or whether the polkit daemon is running or not.

Related[edit]

Qualys

See also[edit]

↑ "CVE listing for CVE-2021-4034". Mitre. Retrieved January 25, 2022.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>

↑ "PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit's pkexec (CVE-2021-4034)". Qualys. January 25, 2022. Retrieved January 25, 2022.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>

↑ "Major Linux PolicyKit security vulnerability uncovered: Pwnkit". ZDNet. January 25, 2022. Retrieved January 25, 2022.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>

[1]

[2]

[3]

Polkit

Vulnerability[edit]

Related[edit]

See also[edit]

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools