Linux is widely known as a highly secure operating system. However, like any other system software, it too can fall prey to loopholes and exploits, the worst of which are privilege escalation vulnerabilities that allow an adversary to elevate their permissions and potentially take over an entire organization.

Polkit CVE-2021-4034 is a critical privilege escalation vulnerability that went unnoticed for over 12 years and affects all major Linux distributions. It is so devastating that a criticality rating of 8 was issued to the vulnerability. So, what exactly is Polkit CVE-2021-4034, and how can you fix it?

What Is the CVE-2021-4034 Polkit Privilege Escalation Vulnerability?

The Polkit privilege escalation vulnerability abuses pkexec, an executable that is part of the PolicyKit component of Linux and that allows a user to execute commands as another user. The pkexec source code had loopholes that anyone could exploit to gain maximum privileges on a Linux system, i.e., become the root user. This bug has been termed "Pwnkit" and is being tracked as CVE-2021-4034.

The Polkit vulnerability in Linux allows non-privileged users to execute malicious code as root. With root access, an attacker can carry out a host of destructive actions, including installing backdoors, taking over the system completely, and making permanent changes to the victim's system.

How Is CVE-2021-4034 Polkit Privilege Escalation Vulnerability Exploited?

Polkit is a package shipped with all major Linux distributions like Ubuntu, Fedora, and Debian, and server distributions like RHEL and CentOS. It defines and manages policies that allow unprivileged processes to communicate with privileged processes on a Linux system.

The Polkit component has an executable part, pkexec, which handles how a user can execute commands as another user. The root of the vulnerability lies in the source code of this executable.

The Pwnkit exploit essentially abuses how *NIX systems process arguments and utilizes out-of-bounds read and write mechanisms to inject insecure environment variables to gain root privilege. If you want to dive deep into the technical bits of this exploit, check out the official security advisory by the researchers who reported this vulnerability.

Who Is Impacted by the CVE-2021-4034 Vulnerability?

This vulnerability is easy to exploit and is widespread because the affected component, PolicyKit, is shipped with major distributions by default. Attackers will aggressively try to gain leverage by exploiting this vulnerability in cloud environments, the operations space of major businesses.

The victims of this vulnerability include, but are not limited to, Ubuntu, Fedora, CentOS, and Red Hat 8. At the time of writing, the vulnerability has been fixed in all the latest versions of the distributions. So, check the build version of your distro and update it as soon as possible.

How to Fix the CVE-2021-4034 Polkit Privilege Escalation Vulnerability and Are You Safe?

If you are running the latest build of your Linux distribution, then you don't need to worry about the Polkit vulnerability. But, as a safety check, run this command (on Debian/Ubuntu-based systems) to check the version of the PolicyKit package installed on your system:

        dpkg -s policykit-1
    

If this command reports a version equal to or lower than 0.105.18, your system is vulnerable and needs an upgrade. To fix the CVE-2021-4034 Polkit privilege escalation vulnerability, update your Linux distribution to the latest release.

On Ubuntu/Debian derivatives, run:

        sudo apt-get -y update && sudo apt-get -y upgrade
    

On Arch Linux, run:

        sudo pacman -Syyu
    

On Red Hat/Fedora/CentOS, issue this command:

        sudo dnf update && sudo dnf upgrade
    

Secure Your Linux Servers and Systems From Devastating Exploits

According to Linux server statistics, Linux is the operating system that powers over a million web servers. This data should be sufficient to illustrate the scope of the CVE-2021-4034 Polkit vulnerability and how devastating it could be.

To add to it, much like Dirty Pipe, there is no way to mitigate it other than updating your system. So, web servers and systems running susceptible Polkit versions are in for a world of trouble if they get hit with an exploit.

All individuals and server maintainers are advised to update and upgrade their systems. If updating the system as a whole is not an option, you can upgrade the polkit package individually to improve the security of your server.
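For the package-only upgrade mentioned above, here is an added example (not part of the original article) for Debian/Ubuntu hosts: it reads `apt-cache policy` output and reports whether the repository offers a newer `policykit-1` build than the installed one. The function names and the sample output are constructed for illustration; `apt-cache policy` and `apt-get install --only-upgrade` are standard apt commands that do not appear in the article.

```shell
#!/bin/sh
# Added example: classify the polkit package from `apt-cache policy` text.
# Reads stdin so the logic can be exercised offline.
# Prints: not-installed | update-pending <installed> <candidate> | current <installed>
polkit_update_state() {
    awk '
        $1 == "Installed:" { inst = $2 }
        $1 == "Candidate:" { cand = $2 }
        END {
            if (inst == "" || inst == "(none)")
                print "not-installed"
            else if (cand != "" && cand != "(none)" && cand != inst)
                print "update-pending", inst, cand
            else
                print "current", inst
        }'
}

# Constructed sample output; the version strings are placeholders.
sample_pending() {
    cat <<'EOF'
policykit-1:
  Installed: 0.105-1example1
  Candidate: 0.105-1example2
  Version table:
     0.105-1example2 500
 *** 0.105-1example1 100
EOF
}

sample_current() {
    cat <<'EOF'
policykit-1:
  Installed: 0.105-1example2
  Candidate: 0.105-1example2
EOF
}

# Live wrapper (not called here). Run `sudo apt-get update` first so the
# candidate version reflects the current security repository.
check_polkit() {
    pkg=${1:-policykit-1}
    state=$(apt-cache policy "$pkg" 2>/dev/null | polkit_update_state)
    echo "$pkg: $state"
    case $state in
        update-pending*) echo "run: sudo apt-get install --only-upgrade $pkg" ;;
    esac
}
```

A result of `current` only means the installed build matches what the configured repositories offer; on a release that no longer receives security updates, that build can still be a vulnerable one.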