## What is Polkit Privilege Escalation (CVE-2021-4034)?
- "A memory corruption vulnerability in Polkit's pkexec, which allows any unprivileged user to gain full root privilege on a vulnerable system using default polkit configuration"
cit. Bharat Jogi, qualys.com
{{< vimeo 669715589 >}}
## Links
- [In-depth analysis from Bharat Jogi, qualys.com](https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034)
- [Red Hat CVE-2021-4034](https://access.redhat.com/security/cve/CVE-2021-4034)
- [Red Hat RHSB-2022-001 Ansible Playbook 1.0](https://access.redhat.com/security/vulnerabilities/RHSB-2022-001#ansible-playbook)
## Playbook
How to mitigate the Polkit privilege escalation PwnKit (CVE-2021-4034) on Red Hat-like systems using the Ansible playbook downloaded from RHSB-2022-001.
### code
Code downloaded from [Red Hat RHSB-2022-001 Ansible Playbook 1.0](https://access.redhat.com/security/vulnerabilities/RHSB-2022-001#ansible-playbook).
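To confirm on a host that the mitigation is in place, the following added example (not part of the Red Hat playbook or of the original page) parses `/proc/modules` for the `stap_pkexec_block` module that the playbook checks for. The function names and the sample module listing are constructed for illustration.

```bash
#!/bin/sh
# Added example: check that the systemtap module named in the playbook
# output (stap_pkexec_block) is loaded and live on this host.
MODULE_NAME="stap_pkexec_block"

# module_state [FILE]: print the module's state (Live, Loading, Unloading)
# or "absent". FILE defaults to /proc/modules, whose columns are:
#   name size refcount dependencies state address [taint]
module_state() {
    awk -v want="$MODULE_NAME" '
        $1 == want { print $5; found = 1; exit }
        END { if (!found) print "absent" }
    ' "${1:-/proc/modules}"
}

# mitigation_active [FILE]: succeed only when the module is present and Live.
mitigation_active() {
    [ "$(module_state "$1")" = "Live" ]
}

# Constructed sample in /proc/modules layout (not captured from a real host).
sample_modules() {
    cat <<'EOF'
xfs 1556480 1 - Live 0xffffffffc0500000
stap_pkexec_block 434176 0 - Live 0xffffffffc0a5e000 (OE)
EOF
}

# Demo on the sample; on a real host call mitigation_active with no argument.
demo_file="$(mktemp)"
sample_modules > "$demo_file"
if mitigation_active "$demo_file"; then
    echo "pkexec block: active"
else
    echo "pkexec block: NOT active (module $(module_state "$demo_file"))"
fi
rm -f "$demo_file"
```

Run the check again after a reboot, since a kernel module loaded at runtime is not reloaded automatically.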
### execution
```bash
ansible-pilot $ ansible-playbook -i virtualmachines/demo/inventory -e "HOSTS=demo.example.com" cve-2021-4034/cve-2021-4034_stap_mitigate--2022-01-25-0936.yml
PLAY [Block pkexec with empty first argument with systemtap] **
TASK [Gathering Facts]
ok: [demo.example.com]
TASK [Install systemtap packages] *
changed: [demo.example.com]
TASK [(RHEL 7) Install kernel debuginfo] **
skipping: [demo.example.com]
TASK [(RHEL 6/8) Install polkit debuginfo]
changed: [demo.example.com]
TASK [(RHEL 6) Install libselinux-python] *
skipping: [demo.example.com]
TASK [Create systemtap script] **
changed: [demo.example.com]
TASK [Checking if stap_pkexec_block module is already loaded] *
ok: [demo.example.com]
TASK [Install systemtap script] *
changed: [demo.example.com]
PLAY RECAP **
demo.example.com : ok=6 changed=4