← Retour aux CVEs
CVE-2021-4034
HIGHCISA KEV7.8
Description
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Details CVE
Score CVSS v3.17.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie1/28/2022
Derniere modification11/6/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurRed Hat
ProduitPolkit
Nom vulnerabiliteRed Hat Polkit Out-of-Bounds Read and Write Vulnerability
Date ajout KEV2022-06-27
Date limite remediation2022-07-18
Utilise dans ransomwareUnknown
Produits affectes
canonical:ubuntu_linuxoracle:http_serveroracle:zfs_storage_appliance_kitpolkit_project:polkitredhat:enterprise_linuxredhat:enterprise_linux_desktopredhat:enterprise_linux_eusredhat:enterprise_linux_for_ibm_z_systemsredhat:enterprise_linux_for_ibm_z_systems_eusredhat:enterprise_linux_for_power_big_endianredhat:enterprise_linux_for_power_little_endianredhat:enterprise_linux_for_power_little_endian_eusredhat:enterprise_linux_for_scientific_computingredhat:enterprise_linux_serverredhat:enterprise_linux_server_ausredhat:enterprise_linux_server_eusredhat:enterprise_linux_server_tusredhat:enterprise_linux_server_update_services_for_sap_solutionsredhat:enterprise_linux_workstationsiemens:scalance_lpe9403siemens:scalance_lpe9403_firmwaresiemens:sinumerik_edgestarwindsoftware:command_centerstarwindsoftware:starwind_virtual_sansuse:enterprise_storagesuse:linux_enterprise_desktopsuse:linux_enterprise_high_performance_computingsuse:linux_enterprise_serversuse:linux_enterprise_workstation_extensionsuse:manager_proxysuse:manager_server
Faiblesses (CWE)
CWE-787CWE-125CWE-787
References
http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html(secalert@redhat.com)
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html(secalert@redhat.com)
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=2025869(secalert@redhat.com)
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf(secalert@redhat.com)
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683(secalert@redhat.com)
https://www.oracle.com/security-alerts/cpuapr2022.html(secalert@redhat.com)
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt(secalert@redhat.com)
https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/(secalert@redhat.com)
https://www.starwindsoftware.com/security/sw-20220818-0001/(secalert@redhat.com)
https://www.suse.com/support/kb/doc/?id=000020564(secalert@redhat.com)
http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html(af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=2025869(af854a3a-2127-422b-91ae-364da2661108)
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683(af854a3a-2127-422b-91ae-364da2661108)
https://www.oracle.com/security-alerts/cpuapr2022.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt(af854a3a-2127-422b-91ae-364da2661108)
https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/(af854a3a-2127-422b-91ae-364da2661108)
https://www.starwindsoftware.com/security/sw-20220818-0001/(af854a3a-2127-422b-91ae-364da2661108)
https://www.suse.com/support/kb/doc/?id=000020564(af854a3a-2127-422b-91ae-364da2661108)
https://www.vicarius.io/vsociety/posts/pwnkit-pkexec-lpe-cve-2021-4034(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-4034(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.