Added: 01/27/2022
CVE: CVE-2021-4034
Polkit is a Linux package for handling policies that allow unprivileged processes to communicate with privileged processes. It includes a tool called **pkexec**
that allows the user to execute commands as another user according to the polkit policy.
A privilege elevation vulnerability in **pkexec**
allows local unprivileged users to execute arbitrary commands with root privileges.
Upgrade to Polkit 0.121 or higher when available, or apply a fix from your Linux vendor.
<https://access.redhat.com/security/cve/CVE-2021-4034>
<https://gitlab.freedesktop.org/polkit/polkit/-/issues/166>
Exploit requires an existing unprivileged shell connection to the target.
Linux