Symptoms
On January 25th, 2022, a privilege escalation vulnerability was announced for the polkit package and you want to ensure your system is secure.
Description
The vulnerability affects the pkexec utility provided by the polkit package. More information about this can be found via Red Hat's portal here:
Workaround
The updated package has been released to the base repositories. Verify if the server has the updated package with the following command:
CentOS/CloudLinux/AlmaLinux:
rpm -qa polkit --changelog | grep -B3 CVE-2021-4034
* Fri Dec 17 2021 Jan Rybar <jrybar@redhat.com> - 0.112-26.1
- pkexec: argv overflow results in local privilege esc.
- Resolves: CVE-2021-4034
Ubuntu:
zgrep -E 'CVE-2021-4034' /usr/share/doc/policykit-1/changelog.Debian.gz
If it is not updated, the output will be blank.
On a cPanel system, run the rpmup script to ensure the packages are updated:
/scripts/rpmup
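
The two changelog checks above can be combined into one script that also separates "not patched" from "polkit changelog not found", which a blank grep result cannot do. This is an added example, not part of the original article; the function names are hypothetical, the unpatched sample entry is constructed, and it queries the RPM changelog with rpm -q --changelog polkit.

```shell
#!/bin/sh
# Added example (not from the original article): one check for both distro families.
CVE="CVE-2021-4034"

# Classify a package changelog read from stdin.
# Prints "patched: <entry header>" and returns 0, or "unpatched" and returns 1.
classify_changelog() {
    awk -v cve="$CVE" '
        # Remember the most recent entry header (RPM "* date ..." or Debian "pkg (ver) ...").
        /^\* / || /^[a-z0-9][a-z0-9+.-]* \(/ { hdr = $0 }
        index($0, cve) { print "patched: " hdr; found = 1; exit }
        END { if (!found) { print "unpatched"; exit 1 } }
    '
}

# Check the local host. Returns 0 patched, 1 unpatched, 2 polkit not found.
check_host() {
    deb_log=/usr/share/doc/policykit-1/changelog.Debian.gz
    if command -v rpm >/dev/null 2>&1 && rpm -q polkit >/dev/null 2>&1; then
        rpm -q --changelog polkit | classify_changelog
    elif [ -r "$deb_log" ]; then
        zcat "$deb_log" | classify_changelog
    else
        echo "unknown: polkit package or changelog not found"
        return 2
    fi
}

# Sample input: the patched entry is the output shown in the article;
# the unpatched entry is constructed for illustration.
SAMPLE_PATCHED='* Fri Dec 17 2021 Jan Rybar <jrybar@redhat.com> - 0.112-26.1
- pkexec: argv overflow results in local privilege esc.
- Resolves: CVE-2021-4034'
SAMPLE_UNPATCHED='* Mon Jan 01 2001 Example Packager <packager@example.com> - 0.0-1
- constructed entry with no security fix'

if [ "${1:-}" = "--host" ]; then
    check_host                      # real check on this server
else
    printf '%s\n' "$SAMPLE_PATCHED" | classify_changelog
    printf '%s\n' "$SAMPLE_UNPATCHED" | classify_changelog || true
fi
```

Run it with --host on a server; the exit code (0, 1 or 2) can be used to flag hosts that still need the update.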