CVE-2021-4034
CVE-2021-4034 copied to clipboard
arthepsy
[!] Error Execute on UBUNTU SERVER with no gcc [!]
./cve-2021-4034-poc sh: 1: gcc: not found GLib: Cannot convert message: Could not open converter from 'UTF-8' to 'PWNKIT' The value for the SHELL variable was not found the /etc/shells file
Polkit (pkexec --version) pkexec version 0.105
KERNEL (uname -a) Linux new-server1 4.4.0-210-generic #242-Ubuntu SMP Fri Apr 16 09:57:56 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
I've had the same problem, so I compiled the binary and the library separately (only for x86 64) and made an archive from the working check. It has a test-remote.sh script, pass to it a hostname (example.com, [email protected], the name of an entry from your SSH config, ..., whatever scp takes) and it will upload PwnKit to the host, run the exploit and if you get a shell, well, the host is vulnerable. And then use it to fix it (either update policykit or chmod 0755 /usr/bin/pkexec).
GLib: Cannot convert message: Could not open converter from “UTF-8” to “PWNKIT” The value for the SHELL variable was not found the /etc/shells file
./cve-2021-4034-poc sh: 1: gcc: not found GLib: Cannot convert message: Could not open converter from 'UTF-8' to 'PWNKIT' The value for the SHELL variable was not found the /etc/shells file
Polkit (pkexec --version) pkexec version 0.105
KERNEL (uname -a) Linux new-server1 4.4.0-210-generic #242-Ubuntu SMP Fri Apr 16 09:57:56 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
sudo apt update sudo apt install build-essential
install gcc
not always a good idea, especially not when you are testing production servers
GLib: Cannot convert message: Could not open converter from “UTF-8” to “PWNKIT” The value for the SHELL variable was not found the /etc/shells file
Any solution for this? I am facing same issue
