# CVE-2021-4034
This repository contains a single-file exploit for CVE-2021-4034, a Polkit local privilege escalation. Use it wisely!
## Vulnerability Description
CVE-2021-4034, commonly referred to as **Pwnkit**, is a memory corruption vulnerability in the pkexec component of Polkit, a toolkit used for defining and handling authorizations in Unix-like systems. The vulnerability stems from improper handling of environment variables, allowing a local user to execute arbitrary code as the root user.
The core issue lies in how `pkexec` fails to properly sanitize environment variables before parsing them. This leads to an **out-of-bounds** write condition in certain scenarios, ultimately allowing local privilege escalation. It has existed in the codebase since the initial commit of `pkexec` in 2009, making nearly every major Linux distribution vulnerable until patched in early 2022.
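Because the bug is only reachable when `pkexec` runs setuid-root, the first thing an administrator wants is a quick way to find out whether a host still has a setuid `pkexec` and, if patching is not yet possible, to apply the widely used interim mitigation of dropping the setuid bit. The script below is an added defensive check, not part of this repository's exploit; the function names and the default path `/usr/bin/pkexec` are assumptions, and the binary location may differ per distribution.

```shell
#!/bin/sh
# Added example (not the repo's code): report whether a pkexec binary is
# setuid and optionally apply the interim mitigation of removing that bit.
# Assumed default location: /usr/bin/pkexec (check your distribution).

# is_setuid PATH -> exit status 0 if the setuid bit is set, 1 otherwise
is_setuid() {
    [ -u "$1" ]
}

# pkexec_status [PATH] -> prints one of: missing / setuid / not-setuid
# "setuid" on an unpatched build is the exploitable condition for Pwnkit.
pkexec_status() {
    p="${1:-/usr/bin/pkexec}"
    if [ ! -e "$p" ]; then
        echo "missing"
    elif is_setuid "$p"; then
        echo "setuid"
    else
        echo "not-setuid"
    fi
}

# mitigate_pkexec PATH -> drops the setuid bit (interim mitigation only;
# this also breaks legitimate pkexec use until a patched package is installed)
mitigate_pkexec() {
    chmod u-s "$1"
}

# Usage: report the status of the default binary when run directly.
if [ "${0##*/}" = "pkexec_check.sh" ]; then
    echo "pkexec: $(pkexec_status "$1")"
fi
```

Run `pkexec_status` first and only call `mitigate_pkexec` on hosts where a patched polkit package cannot be installed immediately; the status check needs no privileges, while removing the bit requires ownership of the file (root). Re-run the status check after patching, since a fixed package legitimately restores the setuid bit.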
## Exploit Steps
1. `sudo apt update`
2. `sudo apt install git`
3. `git clone https://github.com/Z3R0-0x30/CVE-2021-4034.git`
4. `cd CVE-2021-4034`
5. `chmod +x Z3R0_polkitLPE.sh`
6. `./Z3R0_polkitLPE.sh`