CVE-2021-4034 - Local Privilege Escalation Vulnerability
Today is polkit-patching day. Keep in mind that this vulnerability is not remotely exploitable, you need a local user on the machine. This vulnerability has been hiding in plain sight for 12+ years and affects all versions of pkexec since its first version in May 2009 (commit c8c3d83, “Add a pkexec(1) command”).
Easy fix if you don’t have patches for your OS yet, by removing the SUID-bit from the binary.
# chmod 0755 /usr/bin/pkexec
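
One way to confirm the workaround above took effect on a host, as an added example that is not part of the original post. The function names `suid_state` and `check_pkexec` are hypothetical; the only path assumed is the `/usr/bin/pkexec` given in the post.

```shell
#!/bin/sh
# Added example: audit whether the SUID bit is still set on pkexec.

# Print "missing", "suid" or "no-suid" for a single path.
suid_state() {
    if [ ! -e "$1" ]; then
        echo "missing"
    elif [ -u "$1" ]; then      # -u is true when the set-user-ID bit is set
        echo "suid"
    else
        echo "no-suid"
    fi
}

# Report the state of every path given.
# Returns 1 if any of them still carries the SUID bit, 0 otherwise.
check_pkexec() {
    rc=0
    for p in "$@"; do
        state=$(suid_state "$p")
        echo "$p: $state"
        if [ "$state" = "suid" ]; then
            rc=1
        fi
    done
    return "$rc"
}

# Path taken from the post; pass additional copies as extra arguments if needed.
check_pkexec /usr/bin/pkexec || echo "SUID bit still set: workaround not applied"
```

A non-zero return from `check_pkexec` makes it usable as a compliance check in configuration management or a cron job.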