CVE-2021-4034

Name of the Vulnerable Software and Affected Versions polkit versions prior to 0.105-25+deb10u1 polkit versions prior to 0.105-31+deb11u1 policykit-1 versions prior to 0.105-4ubuntu3.14.04.6+esm1

Description A local privilege escalation issue exists in the pkexec utility of polkit. The pkexec application is a setuid tool that allows unprivileged users to execute commands as privileged users based on predefined policies. The utility fails to correctly handle the count of calling parameters, which can lead to an out-of-bounds write when processing command-line arguments. This memory corruption allows an attacker to induce pkexec to execute environment variables as commands, enabling the execution of arbitrary code. Successful exploitation grants an unprivileged local user administrative or root privileges on the target machine.

Recommendations Update policykit-1 packages to version 0.105-25+deb10u1 or later. Update policykit-1 packages to version 0.105-31+deb11u1 or later. Update libpolkit-backend-1-0, policykit-1-doc, libpolkit-agent-1-0, libpolkit-gobject-1-dev, libpolkit-gobject-1-0, policykit-1, gir1.2-polkit-1.0, libpolkit-backend-1-dev, and libpolkit-agent-1-dev to version 0.105-4ubuntu3.14.04.6+esm1 or later.