Lucene search
UbuntuUSN-5252-1HistoryJan 25, 2022 - 12:00 a.m.
PolicyKit vulnerability
2022-01-2500:00:00
ubuntu.com
155
policykit vulnerability
ubuntu
pkexec
privilege escalation
command-line arguments
security issue
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.6
Confidence
High
EPSS
0.001
Percentile
46.9%
Releases
- Ubuntu 21.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 ESM
Packages
- policykit-1 - framework for managing administrative policies and privileges
Details
It was discovered that the PolicyKit pkexec tool incorrectly handled
command-line arguments. A local attacker could use this issue to escalate
privileges to an administrator.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 21.10 | noarch | policykit-1 | < 0.105-31ubuntu0.1 | UNKNOWN |
| Ubuntu | 21.10 | noarch | gir1.2-polkit-1.0 | < 0.105-31ubuntu0.1 | UNKNOWN |
| Ubuntu | 21.10 | noarch | libpolkit-agent-1-0 | < 0.105-31ubuntu0.1 | UNKNOWN |
| Ubuntu | 21.10 | noarch | libpolkit-agent-1-0-dbgsym | < 0.105-31ubuntu0.1 | UNKNOWN |
| Ubuntu | 21.10 | noarch | libpolkit-agent-1-dev | < 0.105-31ubuntu0.1 | UNKNOWN |
| Ubuntu | 21.10 | noarch | libpolkit-gobject-1-0 | < 0.105-31ubuntu0.1 | UNKNOWN |
| Ubuntu | 21.10 | noarch | libpolkit-gobject-1-0-dbgsym | < 0.105-31ubuntu0.1 | UNKNOWN |
| Ubuntu | 21.10 | noarch | libpolkit-gobject-1-dev | < 0.105-31ubuntu0.1 | UNKNOWN |
| Ubuntu | 21.10 | noarch | policykit-1-dbgsym | < 0.105-31ubuntu0.1 | UNKNOWN |
| Ubuntu | 21.10 | noarch | policykit-1-doc | < 0.105-31ubuntu0.1 | UNKNOWN |
References
Related
rosalinux
rosalinux
Advisory ROSA-SA-2022-2013
2022-01-31 14:03:39
Advisory ROSA-SA-2022-2012
2022-01-27 13:18:29
githubexploit
githubexploit
Exploit for Out-of-bounds Read in Polkit Project Polkit
2022-03-23 11:08:20
Exploit for Out-of-bounds Read in Polkit Project Polkit
2022-05-21 05:42:01
Exploit for Out-of-bounds Write in Polkit Project Polkit
2022-09-25 02:46:20
ibm
ibm
saint
saint
Polkit pkexec privilege elevation
2022-01-27 00:00:00
Polkit pkexec privilege elevation
2022-01-27 00:00:00
nessus
nessus
EulerOS 2.0 SP9 : polkit (EulerOS-SA-2022-1420)
2022-04-18 00:00:00
openSUSE 15 Security Update : polkit (openSUSE-SU-2022:0190-1)
2022-01-26 00:00:00
RHEL 8 : polkit (RHSA-2022:0266)
2022-01-26 00:00:00
prion
prion
Privilege escalation
2022-01-28 20:15:00
openvas
openvas
Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2022-2527)
2022-10-10 00:00:00
Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2023-1083)
2023-01-09 00:00:00
openSUSE: Security Advisory for polkit (openSUSE-SU-2022:0190-1)
2022-02-08 00:00:00
freebsd
freebsd
polkit -- Local Privilege Escalation
2022-01-25 00:00:00
qualysblog
qualysblog
fedora
fedora
[SECURITY] Fedora 34 Update: polkit-0.117-3.fc34.2
2022-01-26 23:42:37
slackware
slackware
[slackware-security] polkit
2022-01-26 05:02:16
thn
thn
redos
redos
ROS-20220128-01
2022-01-28 00:00:00
checkpoint_security
checkpoint_security
veracode
veracode
Privilege Escalation
2022-01-26 05:22:38
ubuntu
ubuntu
PolicyKit vulnerability
2022-01-25 00:00:00
debiancve
debiancve
CVE-2021-4034
2022-01-28 20:15:12
redhat
redhat
(RHSA-2022:0267) Important: polkit security update
2022-01-25 17:38:41
(RHSA-2022:0269) Important: polkit security update
2022-01-25 17:49:01
(RHSA-2022:0272) Important: polkit security update
2022-01-25 18:08:44
metasploit
metasploit
Local Privilege Escalation in polkits pkexec
2022-01-26 19:05:36
talosblog
talosblog
Alchimist: A new attack framework in Chinese for Mac, Linux and Windows
2022-10-13 12:00:00
osv
osv
Important: polkit security update
2022-01-25 17:38:41
policykit-1 - security update
2022-01-25 00:00:00
libpolkit-agent-1-0-0.120-2.1 on GA media
2024-06-15 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-4034 affecting package polkit for versions less than 0.119-2
2022-04-09 06:51:57
CVE-2021-4034 affecting package polkit 0.116-7
2022-02-01 04:53:56
cisa_kev
cisa_kev
Red Hat Polkit Out-of-Bounds Read and Write Vulnerability
2022-06-27 00:00:00
attackerkb
attackerkb
CVE-2021-4034
2022-01-28 00:00:00
packetstorm
packetstorm
Polkit pkexec Local Privilege Escalation
2022-03-03 00:00:00
threatpost
threatpost
Ubiquitous Linux Bug: ‘An Attacker’s Dream Come True’
2022-01-26 17:52:49
trendmicroblog
trendmicroblog
f5
f5
K46015513 : Polkit pkexec vulnerability CVE-2021-4034
2022-01-29 00:00:00
zdt
zdt
PolicyKit-1 0.105-31 - Privilege Escalation Exploit
2022-01-27 00:00:00
Polkit pkexec Local Privilege Escalation Exploit
2022-01-26 00:00:00
kitploit
kitploit
PwnKit-Exploit - Proof Of Concept (PoC) CVE-2021-4034
2022-03-07 11:30:00
gentoo
gentoo
Polkit: Local privilege escalation
2022-01-27 00:00:00
mageia
mageia
Updated polkit packages fix security vulnerability
2022-01-26 13:30:04
alpinelinux
alpinelinux
CVE-2021-4034
2022-01-28 20:15:12
debian
debian
[SECURITY] [DSA 5059-1] policykit-1 security update
2022-01-25 17:46:09
centos
centos
polkit security update
2022-01-26 20:42:52
rocky
rocky
polkit security update
2022-01-26 21:26:22
suse
suse
Security update for polkit (important)
2022-01-25 00:00:00
ics
ics
Siemens SCALANCE LPE 4903 and SINUMERIK Edge
2022-06-16 12:00:00
redhatcve
redhatcve
CVE-2021-4034
2022-05-07 14:22:00
CVSS2
7.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
8.6
Confidence
High
EPSS
0.001
Percentile
46.9%
Related for USN-5252-1