Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-4034 PoC — polkit 缓冲区错误漏洞

Source
https://github.com/milot/dissecting-pkexec-cve-2021-4034
Associated Vulnerability
Title:polkit 缓冲区错误漏洞 (CVE-2021-4034)
Description:polkit是一个在类 Unix操作系统中控制系统范围权限的组件。通过定义和审核权限规则,实现不同优先级进程间的通讯。 polkit 的 pkexec application存在缓冲区错误漏洞,攻击者可利用该漏洞通过精心设计环境变量诱导pkexec执行任意代码。成功执行攻击后,如果目标计算机上没有权限的用户拥有管理权限,攻击可能会导致本地权限升级。
Readme
## Dissecting pkexec CVE-2021-4034

### Introduction and Usage
#### Introduction
This is a part of the [blog post](https://milot.io/dissecting-pkexec-cve-2021-43267-vulnerability/) that explains how [CVE-2021-4034](https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034) actually works.

#### Usage
This repository contains a single C file that contains code and comments, the compilation and running the file is fairly straight forward:

```
gcc pkexec-cve-2021-4034.c -o run-milotio
```

### Disclaimer
Please read the [disclaimer](https://milot.io/about/#disclaimer) below which is the same on my website, this vulnerability has been analyzed for ethical and educational purposes solely to understand how to protect your systems and environments.

All contents on this repository are for informational and educational purposes only. I strongly believe that computer programming, ethical hacking, information security and cyber security in general should be familiar subject to anyone using computers and the internet. Information and code posted on this repository should be used to understand topics from the defense perspective and in general how to protect yourself from various threat actors. Information on this repository is strictly for educational purposes and should be used ethically.

The entire content has been written on a controlled environment mainly using my own routers, servers, websites, computers and other resources (such as TryHackMe, HackTheBox and VulnHub) they do not contain any illegal activity. I don't promote, encourage, support or excite any illegal activity or hacking without written consent. I want to raise security awareness and inform the general opinion on how to prevent themselves from being a victim of malicious actors. If you plan to use the information for illegal purposes, please leave this blog now. I cannot be held responsible for any misuse of the given information.
File Snapshot

 [4.0K]  /data/pocs/37c554dedbaafc8ff7e5c5b20bfbff46df0a46d4
├── [4.2K]  pkexec-cve-2021-4034.c
└── [2.0K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.