Difference between revisions of "Polkit"

From wikieduonline
Jump to navigation Jump to search
Tags: Mobile web edit, Mobile edit
 
(12 intermediate revisions by the same user not shown)
Line 4: Line 4:
 
https://linux.die.net/man/8/polkit
 
https://linux.die.net/man/8/polkit
  
* [[pkexec]]
+
* <code>[[pkexec]]</code> command included in <code>[[policykit-1]]</code> package
 +
* [[PwnKit]] ([[CVE]]-2021-4034), [[CVSS]]: High severity
  
 +
==Vulnerability==
 +
A memory corruption vulnerability '''PwnKit''' ([[Common Vulnerabilities and Exposures|CVE-2021-4034]]<ref>{{cite web|url=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4034|website=Mitre|title=CVE listing for CVE-2021-4034|accessdate=January 25, 2022}}</ref>) discovered in the ''pkexec'' command (installed on all major Linux distributions) was announced on January 25, 2022.<ref>{{cite web|url=https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034|website=Qualys|title=PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit's pkexec (CVE-2021-4034)|date=January 25, 2022|accessdate=January 25, 2022}}</ref><ref>{{cite web|url=https://www.zdnet.com/article/major-linux-policykit-security-vulnerability-uncovered-pwnkit/|title=Major Linux PolicyKit security vulnerability uncovered: Pwnkit|website=ZDNet|date=January 25, 2022|accessdate=January 25, 2022}}</ref>  The vulnerability dates back to the original distribution from 2009. The vulnerability received a [[Common Vulnerability Scoring System|CVSS score]] of 7.8 ("High severity") reflecting serious factors involved in a possible exploit: unprivileged users can gain full root privileges, regardless of the underlying machine architecture or whether the ''polkit'' daemon is running or not.
 +
 +
== Related ==
 +
* [[Qualys]]
  
 
== See also ==
 
== See also ==
 +
* {{polkit}}
 +
* {{Policykit}}
 
* {{become}}
 
* {{become}}
* {{linux}}
 
  
 
[[Category:Linux]]
 
[[Category:Linux]]

Latest revision as of 15:31, 10 December 2023

wikipedia:Polkit Authorization Framework


https://linux.die.net/man/8/polkit

Vulnerability[edit]

A memory corruption vulnerability PwnKit (CVE-2021-4034[1]) discovered in the pkexec command (installed on all major Linux distributions) was announced on January 25, 2022.[2][3] The vulnerability dates back to the original distribution from 2009. The vulnerability received a CVSS score of 7.8 ("High severity") reflecting serious factors involved in a possible exploit: unprivileged users can gain full root privileges, regardless of the underlying machine architecture or whether the polkit daemon is running or not.

Related[edit]

See also[edit]

  • "CVE listing for CVE-2021-4034". Mitre. Retrieved January 25, 2022.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
  • "PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit's pkexec (CVE-2021-4034)". Qualys. January 25, 2022. Retrieved January 25, 2022.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
  • "Major Linux PolicyKit security vulnerability uncovered: Pwnkit". ZDNet. January 25, 2022. Retrieved January 25, 2022.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
  • Advertising: