CVE-2021-4034 polkit privilege escalation
Bug #1960087 reported by
Joe Slater
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
Medium
|
Joe Slater |
Bug Description
pkexec can be used to gain root access by passing no arguments to it and crafting the environment.
Details of this exploit have not been made available.
A workaround is to clear the SUID bit for pkexec.
References - https:/
https:/
https:/
CVE References
Changed in starlingx: | |
assignee: | nobody → Joe Slater (jslater0wind) |
tags: | added: stx.security |
Changed in starlingx: | |
importance: | Undecided → Medium |
tags: | added: stx.7.0 |
Changed in starlingx: | |
status: | New → Triaged |
information type: | Public → Public Security |
To post a comment you must log in.
Fix proposed to branch: master /review. opendev. org/c/starlingx /tools/ +/828180
Review: https:/