#polkit
Author: The SecOps Group
Uploaded: 2022-06-27
Views: 1978
Description:
Privilege escalation with polkit: CVE-2021-4034
What is #polkit?
polkit is a system service that comes standard with many Linux distributions. Because systemd makes use of it, any Linux distribution that makes use of systemd also makes use of polkit.
#CVE-2021-4034 : pkexec incorrectly handles the calling parameter count and ends up attempting to execute environment variables as commands. An attacker can take advantage of this by modifying environment variables in such a way that they cause pkexec to execute arbitrary code. When carried out successfully, the attack can result in a local privilege escalation, granting unprivileged users administrative rights on the target machine.
Exploit : https://github.com/berdav/CVE-2021-4034
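The parameter-count handling described above, reduced to its root cause next to a guarded form. This is an added example, not code from polkit or from the video; the function names, the "tool" program name and EXAMPLE_VAR are hypothetical, and the arrays are constructed stand-ins for the Linux process stack layout.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample strings; "tool" and EXAMPLE_VAR are hypothetical. */
static char prog[] = "tool";
static char arg1[] = "/usr/bin/id";
static char env0[] = "EXAMPLE_VAR=value";

/* Constructed stand-ins for the initial process stack on Linux, where the
   argv pointers, a NULL, the envp pointers and a NULL sit back to back. */
static char *stack_normal[]     = { prog, arg1, NULL, env0, NULL }; /* argc = 2 */
static char *stack_empty_argv[] = { NULL, env0, NULL };             /* argc = 0 */

/* Vulnerable pattern: assumes argv[0] exists and starts scanning at index 1.
   With argc == 0 the loop never runs, n stays 1, and argv[1] is read even
   though it lies past the argv terminator, i.e. it is envp[0]. */
static const char *program_arg_unsafe(int argc, char **argv)
{
    int n;
    for (n = 1; n < argc; n++) {
        if (argv[n][0] != '-')      /* first non-option argument */
            break;
    }
    return argv[n];
}

/* Hardened form: reject an empty argument vector before indexing argv. */
static const char *program_arg_checked(int argc, char **argv)
{
    if (argc < 1 || argv == NULL || argv[0] == NULL)
        return NULL;
    return program_arg_unsafe(argc, argv);
}

static const char *show(const char *s) { return s ? s : "(rejected)"; }

int main(void)
{
    printf("normal, unsafe : %s\n", show(program_arg_unsafe(2, stack_normal)));
    printf("argc=0, unsafe : %s\n", show(program_arg_unsafe(0, stack_empty_argv)));
    printf("argc=0, checked: %s\n", show(program_arg_checked(0, stack_empty_argv)));
    return 0;
}
```

For code review and static analysis, the pattern to flag in any setuid program is an `argv` index that is not bounded by a prior `argc` check.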
Vulnmachines - Place for Pentesters
Vulnmachines is an online cyber security training platform with a massive number of labs, allowing individuals, students, cyber professionals, companies, universities and all kinds of organizations around the world to enhance their practical skills with real-world enterprise scenarios.
Visit : https://www.vulnmachines.com
The SecOps Group : The SecOps Group was founded by industry veterans. We have over 15 years of experience in providing cyber security consultancy and have worked with some of the largest blue chip companies. Being an independent boutique company, we enable our customers to continuously identify and assess their security postures and provide advice in securing against the adversaries.
Our team regularly speaks at international conferences (including Black Hat, Defcon, HITB, and OWASP Appsec). We pride ourselves in hiring the best talent and our passion is to stay up-to-date with the latest in the world of ethical hacking.
For business : https://secops.group/
Follow us
Twitter : / vulnmachines
Facebook : https://www.fb.com/vulnmachines
LinkedIn : / vulnmachines
#cybersecurity #cve #bugbounty #privilege #linux #pentesting #pentest #infosec #information #2021