CVE-2021-4034 PolKit Vulnerability
CVE-2021-4034 is a new vulnerability detected in PolKit, a component for controlling system-wide privileges in Unix-like operating systems.
The vulnerability was discovered in Polkit’s pkexec, a SUID-root program installed by default on every major Linux distribution. The discovery belongs to Qualys researchers.
In terms of its potential impact, the vulnerability could allow unprivileged users to gain root privileges on the exposed system. The issue has been verified independently, and an exploit has been developed as well. The following Linux distributions are affected:
- Ubuntu
- Debian
- Fedora
- CentOS
However, according to Qualys, “other Linux distributions are likely vulnerable and probably exploitable”. What is staggering in this case is that CVE-2021-4034 has been “hiding in plain sight for 12+ years,” affecting all versions of pkexec since its initial version released in May 2009.
More technical details are available in the official security advisory.
In June 2021, another years-old PolKit vulnerability was discovered. Identified as CVE-2021-3560, the flaw appeared to have been around for at least seven years.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: