CVE-2021-4034 PoC — polkit 缓冲区错误漏洞

Source

Associated Vulnerability

Description

Software Vulnerabilities and mitigation university course, to show exploitation and remediation caused by this vulnerability 

Readme

# PwnKit-Local-Privilege-Escalation-Vulnerability-Discovered-in-polkit-s-pkexec-CVE-2021-4034-
Software Vulnerabilities and mitigation university project, to show exploitation and remediation caused by this vulnerability.
We used for this experiment Ubunto version 16.04 LTS, as well and Debian 10.1.0 which will be shown in the experiment.
setting up the environment was essentail since you need always to verify the version you work on to be sure it's vulenrable or not.
checking commands used : dpkg -l | grep polkit, pkexec --version

# CVE-2021-4034
PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)

https://seclists.org/oss-sec/2022/q1/80  
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

# PoC

Verified on Debian 10 and Ubunto 16.0.4

```
user@debian:~$ grep PRETTY /etc/os-release
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
user@debian:~$ id
uid=1000(user) gid=1000(user) groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(netdev)
user@debian:~$ gcc cve-2021-4034-poc.c -o cve-2021-4034-poc
user@debian:~$ ./cve-2021-4034-poc
# id
uid=0(root) gid=0(root) groups=0(root),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(netdev),1000(user)

File Snapshot

 [4.0K]  /data/pocs/cf8cd9d6df4f030652d6f3ff31bf98802465158d
├── [2.6K]  exploit.c
└── [1.3K]  README.md

0 directories, 2 files

Remarks