Polkit is shipped with PDA OS Security kits. This Bulletin provides mitigation for the reported CVE
CVEID:CVE-2021-4034
**DESCRIPTION:**Polkit could allow a local authenticated attacker to gain elevated privileges on the system, caused by incorrect handling of the argument vectors in the pkexec utility. By crafting environment variables in a specific way, an attacker could exploit this vulnerability to execute commands with root privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/218087 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
IBM Netezza PDA OS Security | All Versions |
None
Temporary mitigation of the reported CVE : CVE-2021-4034, removing the SUID-bit from pkexec on PureData System for Analytics N200x and N3001 is as follows:
Execute below step using “root” user on both ha1/ha2 hosts
CPE | Name | Operator | Version |
---|---|---|---|
puredata system for analytics | eq | any |