University of Wisconsin–Madison

Cybersecurity Announcement: Linux Local Privilege Escalation Vulnerability (CVE-2021-4034 PwnKit)

About the Event

Qualys researchers discovered a Local Privilege Escalation vulnerability (CVE-2021-4034) in polkit's pkexec, a program that is installed by default on every major Linux distribution. Proof-of-concept code to exploit this vulnerability is now publicly available.

Update 6/29/2022

The Cybersecurity & Infrastructure Security Agency (CISA) added PwnKit (CVE-2021-4034) to the Known Exploited Vulnerabilities Catalog on June 27, 2022. The Office of Cybersecurity encourages administrators to check for any servers that remain unpatched for PwnKit and to patch them as soon as possible.

Actions to Consider

Cybersecurity recommends either applying the mitigation by running the command below, which strips pkexec of the setuid bit, or applying the OS patches as soon as possible:

    chmod 0755 /usr/bin/pkexec
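
An audit helper for the mitigation above, added here as an example and not part of the original announcement: it reports whether each given pkexec path still carries the setuid bit and, when asked, applies the same chmod 0755. The function names and the script name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory): audit pkexec for the setuid bit.
# Usage: sh pkexec_audit.sh no|yes PATH...   ("yes" applies chmod 0755)

# Print "absent", "setuid" or "mitigated" for one path.
pkexec_state() {
    if [ ! -e "$1" ]; then
        echo absent
    elif [ -u "$1" ]; then      # -u: file exists and has the setuid bit
        echo setuid
    else
        echo mitigated
    fi
}

# Apply the advisory's mitigation to one path and verify that it took effect.
mitigate_pkexec() {
    [ "$(pkexec_state "$1")" = setuid ] || return 0
    chmod 0755 "$1" || return 1
    [ "$(pkexec_state "$1")" = mitigated ]
}

# Report every path; return 1 if any path is still setuid afterwards.
audit_pkexec() {
    fix=$1; shift
    rc=0
    for p in "$@"; do
        state=$(pkexec_state "$p")
        if [ "$state" = setuid ] && [ "$fix" = yes ] && mitigate_pkexec "$p"; then
            state="mitigated (chmod 0755 applied now)"
        elif [ "$state" = setuid ]; then
            rc=1
        fi
        printf '%s: %s\n' "$p" "$state"
    done
    return "$rc"
}

# Run only when arguments are given, so sourcing the file has no side effects.
[ "$#" -eq 0 ] || audit_pkexec "$@"
```

A patched pkexec is still setuid, so a `setuid` result on a patched host is expected; the check only tells you whether the chmod mitigation is in place.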

Event Impact

Successful exploits of the pkexec vulnerability (CVE-2021-4034) allow attackers to obtain full root privileges on vulnerable Linux operating systems. The exploit works even if the polkit daemon is not running.

References

  Jennifer Kuo