Main Vulnerability Database Exploits ID:7310 - Exploit for Input validation error in polkit - CVE-2021-4034

ID:7310 - Exploit for Input validation error in polkit - CVE-2021-4034

Published: January 31, 2022

Vulnerability identifier: #VU60007

Vulnerability risk: Medium

CVE-ID: CVE-2021-4034

CWE-ID: CWE-20

Exploitation vector: Local access

Vulnerable software:
polkit

Link to public exploit:

https://github.com/c3c/CVE-2021-4034

Vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper handling of the calling parameters count in the pkexec setuid binary, which causes the binary to execute environment variables as commands. A local user can craft environment variables in a way that they will be processed and executed by pkexec and execute arbitrary commands on the system as root.

Remediation

Install update from vendor's website.

ID:7310 - Exploit for Input validation error in polkit - CVE-2021-4034

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human