Critical Vulnerability found in Linux - Polkit Privilege Escalation (CVE-2021-4034)
Tony Baylis
3rd Line Consultant - Security

We’ve been made aware of a critical vulnerability in pkexec, a program found in a large number of major Linux distributions. This vulnerability has been present since the program’s introduction in May 2009.

What is Pkexec?

pkexec is included by default in many distributions of Linux and allows a user to execute commands as another user, which effectively makes it a gatekeeper to administrative privileges on a system.

What is the vulnerability?

In this instance, a malicious actor could exploit pkexec to gain full (or root) permissions over a system running the vulnerable executable.

A proof of concept demonstration was created by Qualys that can be found here

What can we do?

Patches are currently being developed for this vulnerability; for the moment, however, there are workarounds:

Red Hat: CVE-2021-4034 - Red Hat Customer Portal

All others: Run "chmod 0755 /usr/bin/pkexec" to remove the SUID bit, a special permission that makes a file always execute as the owner of the file (in this case root). Note: This is a temporary fix.
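
The workaround above as a small shell script, added here as an example and not taken from Qualys or any distribution: it reports whether pkexec still carries the SUID bit and, with --apply, clears it and verifies the result. The function names, the PKEXEC_PATH variable and the --check/--apply options are this example's own; the default path is the one given above.

```shell
#!/bin/sh
# Added example: audit and apply the temporary pkexec workaround.
# PKEXEC_PATH is an assumption of this example; it defaults to the
# path named in the advisory text.
PKEXEC_PATH="${PKEXEC_PATH:-/usr/bin/pkexec}"

# has_suid FILE: succeeds if FILE exists and has the set-user-ID bit set.
has_suid() {
    [ -u "$1" ]
}

# pkexec_status FILE: prints "missing", "suid" or "mitigated".
pkexec_status() {
    if [ ! -e "$1" ]; then
        echo missing
    elif has_suid "$1"; then
        echo suid
    else
        echo mitigated
    fi
}

# mitigate FILE: applies chmod 0755 and confirms the bit is gone.
# Returns 2 if FILE does not exist, 1 if chmod or verification fails.
mitigate() {
    [ -e "$1" ] || { echo "not found: $1" >&2; return 2; }
    chmod 0755 "$1" || return 1
    [ "$(pkexec_status "$1")" = mitigated ]
}

# Command-line entry point: --check only reports, --apply needs root.
case "${1:-}" in
    --check) pkexec_status "$PKEXEC_PATH" ;;
    --apply) mitigate "$PKEXEC_PATH" && echo "SUID bit cleared on $PKEXEC_PATH" ;;
esac
```

While the bit is cleared, pkexec can no longer elevate privileges for unprivileged users, so anything that relies on it will stop working until the workaround is reverted.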

Further reading: PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034) | Qualys Security Blog
