Linux is widely known as a highly secure operating system. However, like any other system software, it can also fall victim to loopholes and vulnerabilities, the worst of which are privilege escalation vulnerabilities that allow an adversary to elevate their permissions and potentially take over an entire organization.
Polkit CVE-2021-4034 is a critical privilege escalation vulnerability that went undetected for over 12 years and affects all major Linux distributions. It is severe enough that it was assigned a criticality rating of 8. So what exactly is Polkit CVE-2021-4034 and how can you fix it?
What is Polkit Privilege Escalation Vulnerability CVE-2021-4034?
The Polkit privilege escalation vulnerability lies in pkexec, an executable that is part of the Linux PolicyKit component. pkexec allows a user to run commands as another user. The pkexec source code had flaws that anyone could exploit to gain maximum privileges on a Linux system, i.e. become the root user. This bug has been dubbed “Pwnkit” and is tracked as CVE-2021-4034.
The Polkit vulnerability allows unprivileged users to execute malicious code as root. This enables a large number of destructive actions, including installing backdoors, complete system takeover, and making permanent changes to the victim’s system.
How is the CVE-2021-4034 Polkit privilege escalation vulnerability exploited?
Polkit is a package that ships with all major Linux distributions like Ubuntu, Fedora, and Debian, and server distributions like RHEL and CentOS. It defines and manages policies that allow non-privileged processes to communicate with privileged processes on a Linux system.
The Polkit component has an executable part, pkexec, which handles how a user can execute commands as another user. The root of the vulnerability is in the source code of this executable.
The Pwnkit exploit essentially abuses how *NIX systems process arguments and uses an out-of-bounds read and write to inject insecure environment variables and gain root privileges. If you want to go deeper into the technical aspects of this exploit, see the official security advisory by the researchers who reported this vulnerability.
Who is affected by the CVE-2021-4034 vulnerability?
This vulnerability is easy to exploit and widespread, as the affected component, PolicyKit, ships with major distributions by default. Attackers will aggressively try to exploit it in cloud environments, where major enterprises operate.
Affected distributions include, but are not limited to, Ubuntu, Fedora, CentOS, and Red Hat 8. As of this writing, the vulnerability has been fixed in all the latest versions of the distributions. So, check the build version of your distribution and update it as soon as possible.
How to fix Polkit privilege escalation vulnerability CVE-2021-4034 and are you safe?
If you’re running the latest version of your Linux distribution, then you don’t need to worry about the Polkit vulnerability. But, as a security check, run this command (on Debian- or Ubuntu-based systems) to check the version of the PolicyKit package installed on your system:
dpkg -s policykit-1
If this command reports a version equal to or lower than 0.105.18, your system is vulnerable and requires an update. To fix the CVE-2021-4034 Polkit privilege escalation vulnerability, update your Linux distribution to the latest version.
On Ubuntu/Debian derivatives, run:
sudo apt-get -y update && sudo apt-get -y upgrade
On Arch Linux, run:
sudo pacman -Syyu
On Red Hat/Fedora/CentOS, issue this command:
sudo dnf update && sudo dnf upgrade
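The version check described above can be scripted for triage across several hosts. This is an added example, not part of the original article: it parses `dpkg -s policykit-1` output and applies the article's "equal to or lower than 0.105.18" rule. The function names, the THRESHOLD variable and the sample package records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: apply the article's version rule to `dpkg -s policykit-1` output.
# THRESHOLD is the figure quoted in the article; override it from your
# distribution's advisory, since fixes are backported under distro revisions.
THRESHOLD="${THRESHOLD:-0.105.18}"

# upstream_version V: strip the epoch ("1:") and the Debian revision ("-3").
upstream_version() {
    v=${1#*:}
    printf '%s\n' "${v%-*}"
}

# version_le A B: succeed when dotted numeric version A <= B.
version_le() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        x=${x%%[!0-9]*} y=${y%%[!0-9]*}   # leading digits only; empty counts as 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0   # all components equal
}

# polkit_verdict: read `dpkg -s policykit-1` output on stdin, print a verdict.
polkit_verdict() {
    ver=$(sed -n 's/^Version:[[:space:]]*//p' | head -n 1)
    if [ -z "$ver" ]; then echo "not-installed"; return 0; fi
    if version_le "$(upstream_version "$ver")" "$THRESHOLD"; then
        echo "vulnerable $ver"
    else
        echo "ok $ver"
    fi
}

# Constructed package records (not captured from real hosts).
SAMPLE_OLD='Package: policykit-1
Status: install ok installed
Version: 1:0.105.17-3'
SAMPLE_EQ='Package: policykit-1
Version: 0.105.18'
SAMPLE_NEW='Package: policykit-1
Version: 0.105.19-1'

for rec in "$SAMPLE_OLD" "$SAMPLE_EQ" "$SAMPLE_NEW"; do
    printf '%s\n' "$rec" | polkit_verdict
done
```

On a Debian/Ubuntu host, pipe the real record in with `dpkg -s policykit-1 2>/dev/null | polkit_verdict`.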
Protect your Linux servers and systems from devastating exploits
According to Linux server statistics, Linux is the operating system that powers more than a million web servers. This data should be enough to illustrate the scope of the CVE-2021-4034 Polkit vulnerability and how devastating it could be.
Moreover, just like Dirty Pipe, there is no way to mitigate it other than upgrading your system. Therefore, web servers and systems running susceptible versions of Polkit will be in for a world of trouble if they are hit by an exploit.
All users and server maintainers are advised to upgrade and update their systems. In case updating the entire system is not an option, you can individually update the polkit package to improve the security of your server.