A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

Metrics

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is in the KEV database since June 27, 2022.

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Canonical
  • Ubuntu Linux
Oracle
  • Http Server
  • Zfs Storage Appliance Kit
Polkit Project
  • Polkit
Redhat
  • Enterprise Linux
  • Enterprise Linux Desktop
  • Enterprise Linux Eus
  • Enterprise Linux For Ibm Z Systems
  • Enterprise Linux For Ibm Z Systems Eus
  • Enterprise Linux For Power Big Endian
  • Enterprise Linux For Power Little Endian
  • Enterprise Linux For Power Little Endian Eus
  • Enterprise Linux For Scientific Computing
  • Enterprise Linux Server
  • Enterprise Linux Server Aus
  • Enterprise Linux Server Eus
  • Enterprise Linux Server Tus
  • Enterprise Linux Server Update Services For Sap Solutions
  • Enterprise Linux Workstation
  • Rhel Aus
  • Rhel E4s
  • Rhel Els
  • Rhel Eus
  • Rhel Tus
  • Rhev Hypervisor
Siemens
  • Scalance Lpe9403
  • Scalance Lpe9403 Firmware
  • Sinumerik Edge
Starwindsoftware
  • Command Center
  • Starwind Virtual San
Suse
  • Enterprise Storage
  • Linux Enterprise Desktop
  • Linux Enterprise High Performance Computing
  • Linux Enterprise Server
  • Linux Enterprise Workstation Extension
  • Manager Proxy
  • Manager Server

Configuration 1 [-]

cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*

Configuration 4 [-]

OR cpe:2.3:a:suse:enterprise_storage:7.0:*:*:*:*:*:*:*
cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:sp2:*:*:-:*:*:*
cpe:2.3:a:suse:manager_proxy:4.1:*:*:*:*:*:*:*
cpe:2.3:a:suse:manager_server:4.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:15:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:-:*:*
cpe:2.3:o:suse:linux_enterprise_server:15:sp2:*:*:*:sap:*:*
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5:*:*:*:*:*:*

Configuration 5 [-]

OR cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

Configuration 6 [-]

cpe:2.3:a:siemens:sinumerik_edge:*:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:siemens:scalance_lpe9403_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:siemens:scalance_lpe9403:-:*:*:*:*:*:*:*

Configuration 8 [-]

OR cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871:*:*:*:*:*:*
cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 6 Extended Lifecycle Support
polkit-0:0.96-11.el6_10.2 cpe:/o:redhat:rhel_els:6 RHSA-2022:0269 2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7
polkit-0:0.112-26.el7_9.1 cpe:/o:redhat:enterprise_linux:7 RHSA-2022:0274 2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.3 Advanced Update Support
polkit-0:0.112-12.el7_3.1 cpe:/o:redhat:rhel_aus:7.3 RHSA-2022:0270 2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.4 Advanced Update Support
polkit-0:0.112-12.el7_4.2 cpe:/o:redhat:rhel_aus:7.4 RHSA-2022:0272 2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.6 Advanced Update Support
polkit-0:0.112-18.el7_6.3 cpe:/o:redhat:rhel_aus:7.6 RHSA-2022:0271 2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.6 Telco Extended Update Support
polkit-0:0.112-18.el7_6.3 cpe:/o:redhat:rhel_tus:7.6 RHSA-2022:0271 2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions
polkit-0:0.112-18.el7_6.3 cpe:/o:redhat:rhel_e4s:7.6 RHSA-2022:0271 2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.7 Advanced Update Support
polkit-0:0.112-22.el7_7.2 cpe:/o:redhat:rhel_aus:7.7 RHSA-2022:0273 2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.7 Telco Extended Update Support
polkit-0:0.112-22.el7_7.2 cpe:/o:redhat:rhel_tus:7.7 RHSA-2022:0273 2022-01-25T00:00:00Z
Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions
polkit-0:0.112-22.el7_7.2 cpe:/o:redhat:rhel_e4s:7.7 RHSA-2022:0273 2022-01-25T00:00:00Z
Red Hat Enterprise Linux 8
polkit-0:0.115-13.el8_5.1 cpe:/o:redhat:enterprise_linux:8 RHSA-2022:0267 2022-01-25T00:00:00Z
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
polkit-0:0.115-9.el8_1.2 cpe:/o:redhat:rhel_e4s:8.1 RHSA-2022:0268 2022-01-25T00:00:00Z
Red Hat Enterprise Linux 8.2 Extended Update Support
polkit-0:0.115-11.el8_2.2 cpe:/o:redhat:rhel_eus:8.2 RHSA-2022:0265 2022-01-25T00:00:00Z
Red Hat Enterprise Linux 8.4 Extended Update Support
polkit-0:0.115-11.el8_4.2 cpe:/o:redhat:rhel_eus:8.4 RHSA-2022:0266 2022-01-25T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7
redhat-virtualization-host-0:4.3.21-20220126.0.el7_9 cpe:/o:redhat:enterprise_linux:7::hypervisor RHSA-2022:0443 2022-02-07T00:00:00Z
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
redhat-virtualization-host-0:4.4.10-202202081536_8.5 cpe:/o:redhat:rhev_hypervisor:4.4::el8 RHSA-2022:0540 2022-02-15T00:00:00Z
References
Link Providers
http://packetstormsecurity.com/files/166196/Polkit-pkexec-Local-Privilege-Escalation.html cve-icon cve-icon
http://packetstormsecurity.com/files/166200/Polkit-pkexec-Privilege-Escalation.html cve-icon cve-icon
https://access.redhat.com/security/vulnerabilities/RHSB-2022-001 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2025869 cve-icon cve-icon
https://cert-portal.siemens.com/productcert/pdf/ssa-330556.pdf cve-icon cve-icon
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2021-4034 cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog cve-icon
https://www.cve.org/CVERecord?id=CVE-2021-4034 cve-icon
https://www.oracle.com/security-alerts/cpuapr2022.html cve-icon cve-icon
https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt cve-icon cve-icon cve-icon
https://www.secpod.com/blog/local-privilege-escalation-vulnerability-in-major-linux-distributions-cve-2021-4034/ cve-icon cve-icon
https://www.starwindsoftware.com/security/sw-20220818-0001/ cve-icon cve-icon
https://www.suse.com/support/kb/doc/?id=000020564 cve-icon cve-icon
History

Tue, 05 Nov 2024 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:starwindsoftware:starwind_hyperconverged_appliance:-:*:*:*:*:*:*:*
Vendors & Products Starwindsoftware starwind Hyperconverged Appliance

Mon, 04 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2022-06-27'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 14 Aug 2024 01:00:00 +0000

Type Values Removed Values Added
References
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2022-01-28T00:00:00

Updated: 2024-11-04T14:58:43.983Z

Reserved: 2021-11-29T00:00:00

Link: CVE-2021-4034

cve-icon Vulnrichment

Updated: 2024-09-23T18:05:54.355Z

cve-icon NVD

Status : Analyzed

Published: 2022-01-28T20:15:12.193

Modified: 2024-11-05T19:38:06.523

Link: CVE-2021-4034

cve-icon Redhat

Severity : Important

Publid Date: 2022-01-25T17:00:00Z

Links: CVE-2021-4034 - Bugzilla