CVE-2021-4034 PoC — polkit 缓冲区错误漏洞

Source

https://github.com/hohn/codeql-sample-polkit

Associated Vulnerability

Title:polkit 缓冲区错误漏洞 (CVE-2021-4034)
Description:polkit是一个在类 Unix操作系统中控制系统范围权限的组件。通过定义和审核权限规则，实现不同优先级进程间的通讯。 polkit 的 pkexec application存在缓冲区错误漏洞，攻击者可利用该漏洞通过精心设计环境变量诱导pkexec执行任意代码。成功执行攻击后，如果目标计算机上没有权限的用户拥有管理权限，攻击可能会导致本地权限升级。

Description

All stages of exploring the polkit CVE-2021-4034 using codeql

File Snapshot


 [4.0K]  /data/pocs/a4fb6877a7786ed0c32c32781d4f7e5e9cb64e6c
├── [5.0K]  argv-out-of-bounds-0.ql
├── [5.0K]  argv-out-of-bounds-1.ql
├── [2.6K]  argv-out-of-bounds-2.ql
├── [ 195]  argv-out-of-bounds.ql
├── [100K]  cfg.dot
├── [136K]  cfg.pdf
├── [4.0K]  db
│   ├── [ 16M]  polkit-0.119.zip
│   └── [8.3M]  polkit-a2bf5c9c.zip
├── [1.6K]  dgml2dot
├── [ 246]  Dockerfile
├── [1.0K]  LICENSE
├── [ 126]  polkit-workspace.code-workspace
├── [4.0K]  PrintCFG.dgml
│   └── [4.0K]  cpp
│       └── [4.0K]  example
│           └── [4.0K]  polkit
│               ├── [155K]  cfg.dgml
│               ├── [136K]  cfg.dot
│               ├── [2.7M]  cfg.pdf
│               └── [943K]  cfg.svg
├── [1.5K]  PrintCFG.ql
├── [1.8K]  PrintCFG.sh
├── [4.0K]  PrintIR-pkexec.graphtext
│   └── [4.0K]  cpp
│       └── [4.0K]  example
│           └── [321K]  polkit-ir.txt
├── [ 948]  PrintIR-pkexec.ql
├── [1.5K]  PrintIR.sh
├── [ 147]  qlpack.yml
└── [ 14K]  README.org

8 directories, 23 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!