Polkit
Jump to navigation
Jump to search
↑ "CVE listing for CVE-2021-4034". Mitre. Retrieved January 25, 2022.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit's pkexec (CVE-2021-4034)". Qualys. January 25, 2022. Retrieved January 25, 2022.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
↑ "Major Linux PolicyKit security vulnerability uncovered: Pwnkit". ZDNet. January 25, 2022. Retrieved January 25, 2022.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
wikipedia:Polkit Authorization Framework
https://linux.die.net/man/8/polkit
pkexec
command included inpolicykit-1
package- PwnKit (CVE-2021-4034), CVSS: High severity
Vulnerability[edit]
A memory corruption vulnerability PwnKit (CVE-2021-4034[1]) discovered in the pkexec command (installed on all major Linux distributions) was announced on January 25, 2022.[2][3] The vulnerability dates back to the original distribution from 2009. The vulnerability received a CVSS score of 7.8 ("High severity") reflecting serious factors involved in a possible exploit: unprivileged users can gain full root privileges, regardless of the underlying machine architecture or whether the polkit daemon is running or not.
Related[edit]
See also[edit]
Advertising: