The Qualys Research Team has disclosed a 12-year-old memory corruption vulnerability in polkit’s pkexec. The vulnerability, tracked as CVE-2021-4034, allows any unprivileged user to gain full root privileges on a vulnerable Linux machine. The research team confirmed that it successfully tested this vulnerability on Ubuntu, Debian, Fedora, and CentOS with the default configuration. Since Polkit is part of the default packages on most Linux distributions, the whole Linux community can be considered under threat. It is essential to fix the CVE-2021-4034 vulnerability, as the flaw is being exploited in the wild. In this post, let’s see how to fix the Polkit privilege escalation vulnerability on Linux machines.
Polkit, formerly known as PolicyKit, is a component for controlling system-wide privileges in Unix-like operating systems. It was developed to let non-privileged and privileged processes communicate in an organized way. pkexec is a command-line utility in Polkit used to execute commands with elevated privileges; a user can use pkexec as an alternative to sudo. If an unprivileged user wants to execute a command with root privileges, the user prefixes the intended command with pkexec. The pkexec command allows an authorized user to execute a command as another user. If no username is specified, the command is executed as root.
To be clearer, Polkit is a small toolkit used for defining and handling authorizations on Unix/Linux platforms. It helps an unprivileged process communicate securely with a privileged process. In essence, it stops unprivileged users from executing admin tasks. When a user tries to run a privileged task from the $ prompt on a Linux system, the system asks for a superuser password. That prompt is actually served by the Polkit service running in the background. It is installed by default on many Linux distributions. It is used by systemd, so any Linux distribution that uses systemd also uses polkit.
The vulnerability is due to improper handling of command-line arguments by the pkexec tool. According to the report, a memory corruption vulnerability exists in polkit’s pkexec command that allows an unauthorized user to execute a command as another user. Successful exploitation of this vulnerability allows any unprivileged user to gain full root privileges on the vulnerable Linux machine. Since Polkit is part of the basic installation package in most Linux distributions, the whole Linux platform is considered vulnerable to the Polkit privilege escalation vulnerability.
The one mitigating factor is that the flaw is not remotely exploitable: the attacker must already have local access to the machine to exploit the vulnerability.
| Field | Value |
|---|---|
| Associated CVE ID | CVE-2021-4034 |
| Description | A local privilege escalation in Polkit’s pkexec |
| Associated ZDI ID | – |
| CVSS Score | 7.8 |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Impact Score | – |
| Exploitability Score | – |
| Attack Vector (AV) | Local |
| Attack Complexity (AC) | Low |
| Privilege Required (PR) | Low |
| User Interaction (UI) | None |
| Scope | Unchanged |
| Confidentiality (C) | High |
| Integrity (I) | High |
| Availability (A) | High |
This is the second privilege escalation vulnerability in Polkit after the disclosure of CVE-2021-3560 in June 2021.
The flaw was successfully tested on Ubuntu, Debian, Fedora, and CentOS with the default configuration. Since Polkit is part of the default installation package in most Linux distributions, and all Polkit versions from 2009 onwards are vulnerable, the whole Linux platform is considered vulnerable to the Polkit privilege escalation vulnerability. The following products are listed as affected:
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Virtualization 4
Ubuntu 21.10
Ubuntu 20.04
Ubuntu 18.04
Ubuntu 16.04
Ubuntu 14.04
HPE Helion Openstack 8
SUSE CaaS Platform 4.0
SUSE Enterprise Storage 6
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise Micro 5
SUSE Linux Enterprise Module for Basesystem 15
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Software Development Kit 12
SUSE Manager Proxy 4
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
openSUSE Leap 15
Note: SUSE Linux Enterprise 11 is not affected, as it uses the older generation PolicyKit-1.
It is easy to test the Polkit privilege escalation vulnerability using the readily available exploit. The exploit is available on GitHub.
You just need to download the exploit, compile it, and execute it. Follow these simple commands to exploit the Polkit vulnerability. These commands will take you to the ‘#’ root prompt if the system is vulnerable.
$ sudo apt install git (On Ubuntu)
$ sudo yum install git (On RHEL)
$ git clone https://github.com/berdav/CVE-2021-4034.git
$ cd CVE-2021-4034/
$ make
$ ./cve-2021-4034
Testing each machine on the network is a laborious task, and manual testing is impractical for large companies. Companies should use automated scripts, vulnerability scanner applications, or orchestration solutions like Ansible to detect assets vulnerable to the Polkit privilege escalation vulnerability.
RedHat has created a detection script to determine if your system is vulnerable to Polkit privilege escalation vulnerability. Additionally, RedHat has developed an Ansible Playbook, which helps implement the mitigation on the vulnerable hosts.
Qualys VMDR is another good solution to discover the vulnerable assets on the network. Qualys has developed a query for Qualys VMDR users. Run this query in Qualys VMDR to discover assets vulnerable to Polkit privilege escalation vulnerability.
Query: operatingSystem.category1:`Linux`
All major Linux distributions have released security updates and new fixed versions of Polkit. Be sure to check the advisories released by the Linux distributions for more information.
Ubuntu: https://ubuntu.com/security/notices/USN-5252-1
RedHat: https://access.redhat.com/security/vulnerabilities/RHSB-2022-001
Debian: https://security-tracker.debian.org/tracker/CVE-2021-4034
SUSE: https://www.suse.com/security/cve/CVE-2021-4034.html
The procedure to fix the Polkit privilege escalation vulnerability is very simple. You can either download the fixed packages from the Linux distribution websites (linked in the previous section), upgrade the Polkit package alone, or run a full system update. The problem should be fixed after the system update completes.
Use This Command To Update The Polkit Package On Ubuntu:
$ sudo apt install <package name>
Use This Command To Update The Polkit Package On RedHat Or CentOS:
$ sudo yum install <package name>
Or Run A Full System Update On Ubuntu:
$ sudo apt update && sudo apt upgrade
Or Run A Full System Update On RedHat Or CentOS:
$ sudo yum update && sudo yum upgrade
For those who can’t apply the patches, there is a workaround. Run this command to strip pkexec of the setuid bit. Note that without the setuid bit pkexec can no longer be used for legitimate privileged execution, so install the patched package as soon as possible.
$ chmod 0755 /usr/bin/pkexec
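The automated detection the post recommends and the setuid workaround above can be combined in one small script. The following is an added example, not code from the original post or from Red Hat or Qualys; it assumes pkexec lives at /usr/bin/pkexec and that the Polkit package is named policykit-1 (Debian/Ubuntu) or polkit (RHEL/CentOS).

```shell
#!/bin/sh
# Added example: report whether pkexec still carries the setuid bit that
# CVE-2021-4034 relies on, and apply/verify the chmod 0755 workaround.
# PKEXEC_PATH and the package names policykit-1 / polkit are assumptions
# about default installs; override PKEXEC_PATH for other layouts.

PKEXEC_PATH="${PKEXEC_PATH:-/usr/bin/pkexec}"

# is_setuid PATH: succeed only if PATH is a regular file with mode bit 4000.
# "find -perm -4000" is POSIX (unlike "stat -c"), so it also works on busybox.
is_setuid() {
    [ -f "$1" ] || return 1
    [ -n "$(find "$1" -prune -perm -4000 -print 2>/dev/null)" ]
}

# pkexec_status PATH: prints "missing", "setuid" or "no-setuid".
pkexec_status() {
    if [ ! -f "$1" ]; then
        echo "missing"
    elif is_setuid "$1"; then
        echo "setuid"
    else
        echo "no-setuid"
    fi
}

# polkit_version: installed package version via dpkg or rpm, else "unknown".
# Compare the value against the fixed version in your distribution advisory.
polkit_version() {
    v=""
    if command -v dpkg-query >/dev/null 2>&1; then
        v=$(dpkg-query -W -f='${Version}' policykit-1 2>/dev/null) || v=""
    fi
    if [ -z "$v" ] && command -v rpm >/dev/null 2>&1; then
        v=$(rpm -q --qf '%{VERSION}-%{RELEASE}' polkit 2>/dev/null) || v=""
    fi
    echo "${v:-unknown}"
}

# apply_workaround PATH: strip setuid (the post's chmod 0755 mitigation) and
# confirm the bit is really gone. pkexec is unusable for privileged work
# until the patched package restores the bit.
apply_workaround() {
    chmod 0755 "$1" || return 1
    ! is_setuid "$1"
}

printf 'pkexec: %s (%s), polkit package version: %s\n' \
    "$PKEXEC_PATH" "$(pkexec_status "$PKEXEC_PATH")" "$(polkit_version)"
```

Run it under a configuration-management tool on every host; a status of "setuid" together with a package version older than the advisory's fixed version means the host still needs attention.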
We hope this post helps you understand how to fix the Polkit privilege escalation vulnerability (CVE-2021-4034) on Linux machines. Thanks for reading this threat post.
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.