/

CVE-2021-4034 Report - Details, Severity, & Advisories

CVE-2021-4034 Report - Details, Severity, & Advisories

Twingate Team

Dec 10, 2023

CVE-2021-4034 is a high-severity vulnerability that affects various software configurations and systems, including those running polkit's pkexec utility. This local privilege escalation vulnerability allows unprivileged users to execute arbitrary code and gain administrative rights on the target machine. It occurs due to incorrect handling of calling parameters count, leading to the execution of environment variables as commands.

How do I know if I'm affected?

If you're concerned about this vulnerability, it's a local privilege escalation issue found in polkit's pkexec utility. This flaw can allow an attacker to execute arbitrary code and gain administrative rights on the target machine. The vulnerability affects various software configurations, including different versions of polkit, Red Hat Enterprise Linux, Ubuntu Linux, SUSE Linux, Oracle products, Siemens products, and StarWind Software products.

What should I do if I'm affected?

If you're affected by the this vulnerability, it's crucial to update your system as soon as possible. Follow these steps to protect your system:

  1. Update the polkit package once it's available.

  2. If you can't update immediately, follow the mitigation steps provided by Red Hat, which involve installing systemtap packages, polkit debug info, creating a systemtap script, and loading the systemtap module into the running kernel.

  3. After updating the polkit package, remove the systemtap generated kernel module.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

This vulnerability, also known as the Red Hat Polkit Out-of-Bounds Read and Write Vulnerability, is listed in CISA's Known Exploited Vulnerabilities Catalog. It was added on June 27, 2022, and the due date for required action is July 18, 2022. The required action is to apply updates per vendor instructions. In simple terms, this vulnerability allows a local user to gain higher privileges on a system by exploiting a flaw in the pkexec program of the polkit package. By manipulating variables, an attacker can execute commands as a privileged user without authentication.

Weakness enumeration

The weakness enumeration summary includes two CWE IDs associated with the vulnerability: CWE-787 (Out-of-bounds Write) and CWE-125 (Out-of-bounds Read). The vulnerability is a local privilege escalation in pkexec due to incorrect handling of the argument vector, affecting the polkit package.

For more details

The CVE-2021-4034 vulnerability is a significant security issue that affects the polkit's pkexec utility, allowing local privilege escalation. Various resources provide in-depth information, mitigation steps, and updates for affected products. For a comprehensive understanding of this vulnerability and its implications, we recommend visiting the NVD page or the links below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVE-2021-4034 Report - Details, Severity, & Advisories

CVE-2021-4034 Report - Details, Severity, & Advisories

Twingate Team

Dec 10, 2023

CVE-2021-4034 is a high-severity vulnerability that affects various software configurations and systems, including those running polkit's pkexec utility. This local privilege escalation vulnerability allows unprivileged users to execute arbitrary code and gain administrative rights on the target machine. It occurs due to incorrect handling of calling parameters count, leading to the execution of environment variables as commands.

How do I know if I'm affected?

If you're concerned about this vulnerability, it's a local privilege escalation issue found in polkit's pkexec utility. This flaw can allow an attacker to execute arbitrary code and gain administrative rights on the target machine. The vulnerability affects various software configurations, including different versions of polkit, Red Hat Enterprise Linux, Ubuntu Linux, SUSE Linux, Oracle products, Siemens products, and StarWind Software products.

What should I do if I'm affected?

If you're affected by the this vulnerability, it's crucial to update your system as soon as possible. Follow these steps to protect your system:

  1. Update the polkit package once it's available.

  2. If you can't update immediately, follow the mitigation steps provided by Red Hat, which involve installing systemtap packages, polkit debug info, creating a systemtap script, and loading the systemtap module into the running kernel.

  3. After updating the polkit package, remove the systemtap generated kernel module.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

This vulnerability, also known as the Red Hat Polkit Out-of-Bounds Read and Write Vulnerability, is listed in CISA's Known Exploited Vulnerabilities Catalog. It was added on June 27, 2022, and the due date for required action is July 18, 2022. The required action is to apply updates per vendor instructions. In simple terms, this vulnerability allows a local user to gain higher privileges on a system by exploiting a flaw in the pkexec program of the polkit package. By manipulating variables, an attacker can execute commands as a privileged user without authentication.

Weakness enumeration

The weakness enumeration summary includes two CWE IDs associated with the vulnerability: CWE-787 (Out-of-bounds Write) and CWE-125 (Out-of-bounds Read). The vulnerability is a local privilege escalation in pkexec due to incorrect handling of the argument vector, affecting the polkit package.

For more details

The CVE-2021-4034 vulnerability is a significant security issue that affects the polkit's pkexec utility, allowing local privilege escalation. Various resources provide in-depth information, mitigation steps, and updates for affected products. For a comprehensive understanding of this vulnerability and its implications, we recommend visiting the NVD page or the links below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVE-2021-4034 Report - Details, Severity, & Advisories

Twingate Team

Dec 10, 2023

CVE-2021-4034 is a high-severity vulnerability that affects various software configurations and systems, including those running polkit's pkexec utility. This local privilege escalation vulnerability allows unprivileged users to execute arbitrary code and gain administrative rights on the target machine. It occurs due to incorrect handling of calling parameters count, leading to the execution of environment variables as commands.

How do I know if I'm affected?

If you're concerned about this vulnerability, it's a local privilege escalation issue found in polkit's pkexec utility. This flaw can allow an attacker to execute arbitrary code and gain administrative rights on the target machine. The vulnerability affects various software configurations, including different versions of polkit, Red Hat Enterprise Linux, Ubuntu Linux, SUSE Linux, Oracle products, Siemens products, and StarWind Software products.

What should I do if I'm affected?

If you're affected by the this vulnerability, it's crucial to update your system as soon as possible. Follow these steps to protect your system:

  1. Update the polkit package once it's available.

  2. If you can't update immediately, follow the mitigation steps provided by Red Hat, which involve installing systemtap packages, polkit debug info, creating a systemtap script, and loading the systemtap module into the running kernel.

  3. After updating the polkit package, remove the systemtap generated kernel module.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

This vulnerability, also known as the Red Hat Polkit Out-of-Bounds Read and Write Vulnerability, is listed in CISA's Known Exploited Vulnerabilities Catalog. It was added on June 27, 2022, and the due date for required action is July 18, 2022. The required action is to apply updates per vendor instructions. In simple terms, this vulnerability allows a local user to gain higher privileges on a system by exploiting a flaw in the pkexec program of the polkit package. By manipulating variables, an attacker can execute commands as a privileged user without authentication.

Weakness enumeration

The weakness enumeration summary includes two CWE IDs associated with the vulnerability: CWE-787 (Out-of-bounds Write) and CWE-125 (Out-of-bounds Read). The vulnerability is a local privilege escalation in pkexec due to incorrect handling of the argument vector, affecting the polkit package.

For more details

The CVE-2021-4034 vulnerability is a significant security issue that affects the polkit's pkexec utility, allowing local privilege escalation. Various resources provide in-depth information, mitigation steps, and updates for affected products. For a comprehensive understanding of this vulnerability and its implications, we recommend visiting the NVD page or the links below.