Skip to main content

CVE-2021-4034 : pwnkit: Local Privilege Escalation in polkit's pkexec

Comments

6 comments

  • Duke C
    In case it helps anyone, you can check if the patched version of polkit is installed on your systems like so: [CODE=bash]rpm -q --changelog polkit | grep -B2 CVE-2021-4034
    If your polkit has been updated to the patched version, the output should be something like this: * Fri Dec 17 2021 Jan Rybar - 0.112-26.1 - pkexec: argv overflow results in local privilege esc. - Resolves: CVE-2021-4034
    0
  • martin MHC
    Hello I hace checked my local polkit version and it says the flaw is fixed; as per @Duke C 's reply. However, my server security states that various polkit files (pkexec etc.) have been updated last night. Including inode changes. Is the date "Dec 17 2021" I assume the build date of the version rather than the install date? Would it seems logical that the update was carried out last night which causes the file-change flagging and prior to 26-01-22 the polkit vulnerability existed on this server?
    0
  • manager23
    I see updates for this issue on CentOS 7, where /var/log/yum.log shows they were installed about 10 hours ago: /var/log/yum.log:Jan 27 04:48:24 Updated: polkit-0.112-26.el7_9.1.x86_64
    So my remaining question is if we will also get an update for CentOS 6 (I know it's EOL) and if not, does anyone have tips on how to mitigate the risk there?
    0
  • Babene7
    So my remaining question is if we will also get an update for CentOS 6 (I know it's EOL) and if not, does anyone have tips on how to mitigate the risk there?

    According to WHT did it and hasn't run into any issues.
    0
  • cPRex Jurassic Moderator
    This software is distributed straight from the operating system provider and is not touched by cPanel, so there wouldn't be updates on our end for this. I would not expect there to be any releases for CentOS 6. You should long be migrated off any CentOS 6 machines for security reasons at this point, or at least using the CloudLinux extended support.
    0
  • allpar
    FWIW, I can say that (a) I also did the chmod trick and (b) i was indeed updated on my system in the overnight.
    0

Please sign in to leave a comment.