by @acidburn
20 Sep 2024

PwnKit Pkexec LPE CVE-2021-4034

CVEs

7.8 High Severity

OS

Ubuntu Linux (Canonical): 23.04.*, 22.04.*, 20.04.5.*, 21.04.*, 23.10.*, 20.04.*

Apps

Command Center (Starwindsoftware): 6864.*, 2.Build 6003, 1.0.Update3 Build5871, -.*
Starwind Virtual SAN (Starwindsoftware): V8.Build12533, V8.Build12658, V8.Build12859, V8.Build13170, V8.Build13586, V8.Build13861, V8.Build14338, V8.Build14398, V18R13.14338, V8R13.14314
Polkit (Polkit Project): 0.112.1.*, *.*, 0.118.*, 0.117.*, 0.104.*, 0.114.*, 0.102.*, 0.109.*, 0.112.*, 0.120.*

Summary

This is an in-depth analysis of CVE-2021-4034 and an explanation of the exploit development process.
