Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <56d94fb3-cb73-c541-b62b-4239a28afea1@rs-labs.com>
Date: Wed, 26 Jan 2022 12:18:07 +0100
From: Roman Medina-Heigl Hernandez <roman@...labs.com>
To: oss-security@...ts.openwall.com
Subject: Re: pwnkit: Local Privilege Escalation in polkit's
 pkexec (CVE-2021-4034)

Exploit by blasty attached (also at: 
https://haxx.in/files/blasty-vs-pkexec.c).

PS: Untested because my Debian machine doesn't contain pkexec, even 
though Qualy's advisory says it is by default on Debian.

PS2: Since vuln is trivially exploitable other exploits will arise for 
sure. Well, indeed there are already other exploits. (eg: 
https://github.com/berdav/CVE-2021-4034).

Cheers,

-r

El 25/01/2022 a las 19:04, Sam James escribió:
>
>> On 25 Jan 2022, at 17:57, Qualys Security Advisory <qsa@...lys.com> wrote:
>>
>>
>> Qualys Security Advisory
>> pwnkit: Local Privilege Escalation in polkit's pkexec (CVE-2021-4034)
>> [snip]
> Hi,
>
> For the benefit of downstreams: patch is available in gitlab [0]
> but no release yet.
>
> [0] https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
>
> Best,
> sam

-- 
Saludos,
-Román

View attachment "blasty-vs-pkexec.c" of type "text/plain" (2159 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.