Polkit

From wikieduonline
Revision as of 15:31, 10 December 2023 by Welcome (talk | contribs) (→‎Vulnerability)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

wikipedia:Polkit Authorization Framework


https://linux.die.net/man/8/polkit

Vulnerability

A memory corruption vulnerability PwnKit (CVE-2021-4034[1]) discovered in the pkexec command (installed on all major Linux distributions) was announced on January 25, 2022.[2][3] The vulnerability dates back to the original distribution from 2009. The vulnerability received a CVSS score of 7.8 ("High severity") reflecting serious factors involved in a possible exploit: unprivileged users can gain full root privileges, regardless of the underlying machine architecture or whether the polkit daemon is running or not.

Related

See also

  • "CVE listing for CVE-2021-4034". Mitre. Retrieved January 25, 2022.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
  • "PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit's pkexec (CVE-2021-4034)". Qualys. January 25, 2022. Retrieved January 25, 2022.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
  • "Major Linux PolicyKit security vulnerability uncovered: Pwnkit". ZDNet. January 25, 2022. Retrieved January 25, 2022.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
  • Advertising: