Write a blog analysis for a CVE
publish by @acidburn
20 Sep 2024
#cve_analysis
PwnKit Pkexec LPE CVE-2021-4034
by @acidburn
20 Sep 2024
#cve_analysis
Write a blog analysis for a CVE
publishPwnKit Pkexec LPE CVE-2021-4034
OS
SLF
Scalance LPE9403 FirmwareSiemens
*.*
2.0.*
-.*
LED
15.SP3
15.SP4
15.SP2
15.-
15.SP1
12.0.SP1
11.SP3
11.SP1
11.-
11.SP4
15.SP1
15.-
15.SP2
12.SP1
12.*
12.-
12.SP2
12.SP4
12.SP3
12.SP5
15.SP5
15.-
15.-
15.SP1
15.SP1
15.SP2
15.*
15.SP1
15.SP1
15.*
ELS
8.8.*
8.4.*
8.6.*
7.7.*
7.4.*
6.6.*
8.2.*
9.2.*
7.3.*
7.6.*
6.4 S390X.*
5.9 S390X.*
7.3 S390X.*
7.2 S390X.*
6.7 S390X.*
7.6 S390X.*
7.5 S390X.*
7.4 S390X.*
8.4 S390X.*
8.2 S390X.*
ELE
Enterprise Linux EUSRedhat
5.9.Z.*
5.6.Z.*
8.8.*
8.4.*
8.4.*
8.6.*
8.6.*
7.7.*
7.4.*
5.9.*
7.0.*
6.0.*
6.0.*
6.0.*
ELF
6.5 S390X.*
6.4 S390X.*
5.9 S390X.*
7.3 S390X.*
7.6 S390X.*
7.5 S390X.*
7.4 S390X.*
7.7 S390X.*
6.0 S390X.*
9.4 S390X.*
6.4 PPC64.*
5.9 PPC.*
5.0 PPC.*
6.0 PPC64.*
7.0 PPC64.*
7.0.*
5.0.*
6.0.*
4.0.*
7.3 Ppc64le.*
7.2 Ppc64le.*
7.6 Ppc64le.*
7.5 Ppc64le.*
7.4 Ppc64le.*
8.2 Ppc64le.*
8.1 Ppc64le.*
7.7 Ppc64le.*
9.4 Ppc64le.*
8.4 Ppc64le.*
7.0 Ppc64le.*
9.0 Ppc64le.*
9.2 Ppc64le.*
8.0 Ppc64le.*
8.6.*
7.0.*
8.0.*
9.0.*
-.*
ELW
1.*
7.0.*
7.0.*
5.0.*
6.0.*
6.0.*
6.0.*
4.0.*
2.0.*
8.0.*
ELS
8.8.*
8.4.*
8.6.*
7.7.*
7.4.*
5.9.*
6.6.*
8.2.*
5.6.*
6.4.*
ELS
6.3.Z.*
6.6Z.*
6.5.Z.*
6.6.Z.*
6.7.Z.*
6.2.Z.*
6.1.Z.*
6.4.Z.*
8.4.*
8.6.*
Enterprise Linux ServerRedhat
7.8.*
7.9.*
7.9.*
7.4.*
5.8.*
5.9.*
6.6.*
8.2.*
5.7.*
9.2.*
ELD
Enterprise Linux DesktopRedhat
5 Client.*
6.6.*
5.Unknown
5.-
5.*
6.3.*
6.4.*
4.4.*
6.2.*
7.*
Enterprise LinuxRedhat
6server.GA
ES 2.1.*
AS 2.1.*
4.5.Z.*
WS 2.1.*
5 Server.*
ES 3.*
AS 4.*
AS 3.*
WS 4.*
8.4.*
8.6.*
7.7.*
7.4.*
8.2.*
9.2.*
7.3.*
8.1.*
7.6.*
7.2.*
UL
Ubuntu LinuxCanonical
23.04.*
23.04.*
22.04.*
22.04.*
22.04.*
20.04.5.*
21.04.*
21.04.*
23.10.*
20.04.*
Apps
CC
Command CenterStarwindsoftware
6864.*
2.Build 6003
1.0.Update3 Build5871
-.*
SHA
Starwind Hyperconverged ApplianceStarwindsoftware
-.*
SVS
Starwind Virtual SANStarwindsoftware
V8.Build12533
V8.Build12658
V8.Build12859
V8.Build13170
V8.Build13586
V8.Build13861
V8.Build14338
V8.Build14398
V18R13.14338
V8R13.14314
P
PolkitPolkit Project
0.112.1.*
*.*
0.118.*
0.117.*
0.104.*
0.114.*
0.102.*
0.109.*
0.112.*
0.120.*
SE
Sinumerik EdgeSiemens
*.*
3.2.*
3.3.0.*
MP
Manager ProxySUSE
4.2.*
4.3.*
2.1.*
4.1.*
MS
Manager ServerSUSE
4.2.50-150300.3.66.5.*
4.3.58-150400.3.46.4.*
4.2.10.*
4.2.8.*
4.2.6.*
4.2.9.*
4.2.4.*
4.2.*
4.2.1.*
4.2.7.*
ES
7.0.*
5.0.*
6.0.*
15.0.*
15.0.SP2
8.6.*
7.7.*
7.4.*
7.6.*
HS
HTTP ServerOracle
1.0.2.1s for Apps.*
1.0.2.2 Roll UP 2.*
*.*
12.2.1.4.0.*
12.2.1.3.0.*
10.1.3.5.0.*
9.0.4.1.0.*
12.1.3.0.0.*
12.2.1.2.0.*
11.1.1.9.0.*
ZSA
8.8.*
Screenshots from the blog posts
Summary
This is an in-depth analysis of CVE-2021-4034 and an explanation of the exploitation development process.
Description
Comments (1)