{"uuid": "8f66c437-25a7-4842-84dc-f85a553461dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-4034", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/2990", "content": "Researchers from Qualys today published an advisory about a local privilege escalation vulnerability in the pkexec tool, that is installed as part of the Polkit (formerly PolicyKit) package.\n. . .\nNow, there are three scary things about this vulnerability:\n\n- It has been around for 12+ years (!!!) since it was introduced in a commit to pkexec in May 2009\n\n- The affected version of pkexec is installed with all popular Linux distributions: Ubuntu, Debian, Fedora and CentOS\n\n- It is very simple to create the exploit, and it works 100% reliably\n\n\nLocal privilege escalation vulnerability in polkit's pkexec (CVE-2021-4034)\nhttps://isc.sans.edu/diary/rss/28272\n\nCommit with the patch\nhttps://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683", "creation_timestamp": "2022-01-26T06:00:41.000000Z"}