Skip to content

Al1ex/CVE-2021-4034

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

img

img

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

cve-2021-4034.c

cve-2021-4034.c

 
 

pwnkit.c

pwnkit.c

 
 

Repository files navigation

Information

Exploit Title: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
Date: 01/25/2022
Exploit Author: Qualys Research Team
Tested on: ubuntu 20.04.1 LTS
CVE ID: CVE-2021-27928

How to Exploit

Test Environment:

img

Step 1:build the exp(From https://github.com/berdav/CVE-2021-4034)

make

img

Step 2:run exploit and get a root shell

img

Analysis Detail

https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

Reference

https://github.com/berdav/CVE-2021-4034

https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt

Disclosure Timeline

  • 2021-11-18: Advisory sent to secalert@redhat.
  • 2022-01-11: Advisory and patch sent to distros@openwall.
  • 2022-01-25: Coordinated Release Date (5:00 PM UTC).

About

Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)

Topics

pkexec cve-2021-4034

Resources

Readme
Activity

Stars

3 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages