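Related vulnerability
Title:
polkit buffer error vulnerability
(CVE-2021-4034)
Description: polkit is a component that controls system-wide privileges on Unix-like operating systems. By defining and auditing permission rules, it enables communication between processes of different privilege levels. The pkexec application in polkit has a buffer error vulnerability: an attacker can exploit it by crafting environment variables to induce pkexec to execute arbitrary code. A successful attack can result in local privilege escalation, giving an unprivileged user administrative rights on the target machine.
Description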
Pre-compiled builds for CVE-2021-4034
Introduction
# CVE-2021-4034
Precompiled builds for CVE-2021-4034.
Of course you shouldn't trust precompiled builds :)
This release works slightly differently: first, a minimal shared object is created. This object is packaged into the main binary and dropped upon execution. Musl is used for compilation to minimize dependencies (e.g. specific libc versions maybe?)
## Acknowledgements
* Original advisory by Qualys: https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt
* Berdav's (Davide Berardi) PoC: https://github.com/berdav/CVE-2021-4034
* Blasty's (`peter@haxx.in`) PoC: https://haxx.in/files/blasty-vs-pkexec2.c
## Binaries
| Target | Link |
|--------|------|
|aarch64|[cve-2021-4034_aarch64](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_aarch64)|
|aarch64_be|[cve-2021-4034_aarch64_be](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_aarch64_be)|
|arm-eabi|[cve-2021-4034_arm-eabi](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_arm-eabi)|
|arm-eabihf|[cve-2021-4034_arm-eabihf](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_arm-eabihf)|
|armeb-eabi|[cve-2021-4034_armeb-eabi](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_armeb-eabi)|
|armeb-eabihf|[cve-2021-4034_armeb-eabihf](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_armeb-eabihf)|
|armel-eabi|[cve-2021-4034_armel-eabi](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_armel-eabi)|
|armel-eabihf|[cve-2021-4034_armel-eabihf](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_armel-eabihf)|
|armv5l-eabi|[cve-2021-4034_armv5l-eabi](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_armv5l-eabi)|
|armv5l-eabihf|[cve-2021-4034_armv5l-eabihf](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_armv5l-eabihf)|
|armv6-eabi|[cve-2021-4034_armv6-eabi](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_armv6-eabi)|
|armv6-eabihf|[cve-2021-4034_armv6-eabihf](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_armv6-eabihf)|
|armv7l-eabihf|[cve-2021-4034_armv7l-eabihf](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_armv7l-eabihf)|
|armv7m-eabi|[cve-2021-4034_armv7m-eabi](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_armv7m-eabi)|
|armv7r-eabihf|[cve-2021-4034_armv7r-eabihf](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_armv7r-eabihf)|
|i486|[cve-2021-4034_i486](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_i486)|
|i686|[cve-2021-4034_i686](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_i686)|
|m68k|[cve-2021-4034_m68k](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_m68k)|
|mips|[cve-2021-4034_mips](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_mips)|
|mips-n32sf|[cve-2021-4034_mips-n32sf](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_mips-n32sf)|
|mips-sf|[cve-2021-4034_mips-sf](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_mips-sf)|
|mips64|[cve-2021-4034_mips64](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_mips64)|
|mips64-n32|[cve-2021-4034_mips64-n32](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_mips64-n32)|
|mips64-n32sf|[cve-2021-4034_mips64-n32sf](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_mips64-n32sf)|
|mips64el|[cve-2021-4034_mips64el](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_mips64el)|
|mips64el-n32|[cve-2021-4034_mips64el-n32](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_mips64el-n32)|
|mips64el-n32sf|[cve-2021-4034_mips64el-n32sf](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_mips64el-n32sf)|
|mipsel|[cve-2021-4034_mipsel](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_mipsel)|
|mipsel-n32|[cve-2021-4034_mipsel-n32](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_mipsel-n32)|
|mipsel-n32sf|[cve-2021-4034_mipsel-n32sf](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_mipsel-n32sf)|
|mipsel-sf|[cve-2021-4034_mipsel-sf](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_mipsel-sf)|
|powerpc|[cve-2021-4034_powerpc](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_powerpc)|
|powerpc-sf|[cve-2021-4034_powerpc-sf](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_powerpc-sf)|
|powerpc64|[cve-2021-4034_powerpc64](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_powerpc64)|
|powerpc64le|[cve-2021-4034_powerpc64le](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_powerpc64le)|
|powerpcle|[cve-2021-4034_powerpcle](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_powerpcle)|
|powerpcle-sf|[cve-2021-4034_powerpcle-sf](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_powerpcle-sf)|
|riscv32|[cve-2021-4034_riscv32](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_riscv32)|
|riscv64|[cve-2021-4034_riscv64](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_riscv64)|
|s390x|[cve-2021-4034_s390x](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_s390x)|
|**x86_64**|[cve-2021-4034_x86_64](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_x86_64)|
|x86_64-x32|[cve-2021-4034_x86_64-x32](https://github.com/c3c/CVE-2021-4034/releases/download/0.2/cve-2021-4034_x86_64-x32)|
## Building
If you want to build it yourself, modify the `targets` file to include the architectures that you need. Then run `build.sh`.
You will need Docker.
File snapshot
[4.0K] /data/pocs/c4c94abe207a48aecaa34605af88a5ad931d165c
├── [ 688] build.sh
├── [1.3K] cve-2021-4034.c
├── [ 426] pwnkit.c
├── [5.8K] README.md
└── [1.3K] targets
0 directories, 5 files