CVE-2021-4034 icon indicating copy to clipboard operation
CVE-2021-4034 copied to clipboard

Published 20 hours ago verified publisher icon arthepsy

pkexec doesn't work

Open JonathanAppriou opened this issue 3 years ago • 5 comments

Hello, pkexec doesn't launch the pwnkit, has anyone encountered this problem ?

image

It seems that pkexec does not take into account the environment (the env variable in the program ):

image

JonathanAppriou avatar Feb 08 '22 14:02 JonathanAppriou

Run it as a non-root user. The whole point of the exploit is to gain root privileges via a non-root user.

toxyl avatar Feb 08 '22 16:02 toxyl

I also tried with a non-root user but it does exactly the same. Maybe the problem comes from the code or from my machine ?

JonathanAppriou avatar Feb 09 '22 08:02 JonathanAppriou

Another option is that the target is not vulnerable. IIRC I saw that response on some patched systems too, but I might be wrong. I would suggest you test this on a system you know to be vulnerable, then patch it and try again.

toxyl avatar Feb 09 '22 09:02 toxyl

Ok, thanks for your quick response.

What make the target vulnerable ? Sure, the target needs to have Polkit installed and be a Linux distribution, but what else?

JonathanAppriou avatar Feb 09 '22 10:02 JonathanAppriou

It's all about the version.

According to https://github.com/cyberark/PwnKit-Hunter/blob/main/CVE-2021-4034_Finder.py versions below these are vulnerable: Ubuntu 20.04: 0.105-26ubuntu1.2 Ubuntu 21.10: 0.105-31ubuntu0.1 Ubuntu 18.04: 0.105-20ubuntu0.18.04.6 Debian stretch: 0.105-18+deb9u2 Debian buster: 0.105-25+deb10u1 Debian bullseye: 0.105-31+deb11u1

toxyl avatar Feb 09 '22 13:02 toxyl