关联漏洞
标题:
polkit 缓冲区错误漏洞
(CVE-2021-4034)
描述:polkit是一个在类 Unix操作系统中控制系统范围权限的组件。通过定义和审核权限规则,实现不同优先级进程间的通讯。 polkit 的 pkexec application存在缓冲区错误漏洞,攻击者可利用该漏洞通过精心设计环境变量诱导pkexec执行任意代码。成功执行攻击后,如果目标计算机上没有权限的用户拥有管理权限,攻击可能会导致本地权限升级。
描述
Proof Of Concept for the 2021's pkexec vulnerability CVE-2021-4034
介绍
# CVE-2021-4034 - Proof Of Concept
This *POC* exploits *GLib*'s `g_printerr` to leverage code execution through the injection of the `GCONV_PATH` environmental variable.
## Running the exploit
Make a tarball file of the exploit:
```bash
make tar
```
Then somehow transfer the generated tar to the target machine, compile, and run the vulnerability:
```bash
make
./poc
```
The exploit will try to execute a `/bin/sh` as root.
## Further reading
* [The blog post this exploit was based on](https://milot.io/dissecting-pkexec-cve-2021-4034-vulnerability/)
* [An article to better understand the theory behind the attack](https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034)
文件快照
[4.0K] /data/pocs/910beca691b0919cb8d28d0e718a50be806303c4
├── [4.0K] GCONV_PATH=.
│ └── [ 0] modules
├── [ 233] lib.c
├── [ 221] Makefile
├── [4.0K] modules
│ └── [ 38] gconv-modules
├── [ 234] poc.c
└── [ 786] README.md
2 directories, 6 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。