GLSA Advocate
Posted: Thu Jan 27, 2022 6:26 am Post subject: [ GLSA 202201-01 ] Polkit
Gentoo Linux Security Advisory
Title: Polkit: Local privilege escalation (GLSA 202201-01)
Severity: high
Exploitable: local
Date: 2022-01-27
Bug(s): #832057
ID: 202201-01
Synopsis
A vulnerability in polkit could lead to local root privilege escalation.
Background
polkit is a toolkit for managing policies related to unprivileged processes communicating with privileged processes.
Affected Packages
Package: sys-auth/polkit
Vulnerable: < 0.120-r2
Unaffected: >= 0.120-r2
Architectures: All supported architectures
Description
Flawed input validation of arguments was discovered in the 'pkexec' program's main() function.
Impact
A local attacker could achieve root privilege escalation.
Workaround
Run the following command as root:
# chmod 0755 /usr/bin/pkexec
Resolution
Upgrade Polkit to a patched version.
# emerge --sync
# emerge --ask --verbose ">=sys-auth/polkit-0.120-r2"
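The workaround's chmod 0755 clears the setuid bit on pkexec, and the resolution depends on the installed version being at least 0.120-r2. The script below is an added example, not part of the advisory, that checks both conditions. The function names are hypothetical, and the version comparison is a simplification that assumes purely numeric dotted versions with an optional -rN revision.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a host against GLSA 202201-01.
# Threshold taken from the advisory: unaffected >= 0.120-r2.
FIXED_BASE="0.120"
FIXED_REV=2

# Print "missing", "setuid" or "no-setuid" for a pkexec path.
pkexec_state() {
    f=${1:-/usr/bin/pkexec}
    if [ ! -e "$f" ]; then echo missing
    elif [ -u "$f" ]; then echo setuid       # setuid bit still present
    else echo no-setuid                      # e.g. mode 0755 after the workaround
    fi
}

# Compare two dotted numeric versions component by component; print -1, 0 or 1.
cmp_dotted() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && { echo -1; return; }
        [ "$x" -gt "$y" ] && { echo 1; return; }
    done
    echo 0
}

# Print "vulnerable", "patched" or "unknown" for a sys-auth/polkit version string.
polkit_status() {
    v=$1 rev=0
    case $v in *-r[0-9]*) rev=${v##*-r}; v=${v%-r*} ;; esac
    # Assumption: suffixes such as _p or _rc are not handled, so report unknown.
    case "$v$rev" in ''|*[!0-9.]*) echo unknown; return ;; esac
    c=$(cmp_dotted "$v" "$FIXED_BASE")
    if [ "$c" -lt 0 ] || { [ "$c" -eq 0 ] && [ "$rev" -lt "$FIXED_REV" ]; }; then
        echo vulnerable
    else
        echo patched
    fi
}

# Usage: sh check.sh [installed-polkit-version]
echo "pkexec: $(pkexec_state /usr/bin/pkexec)"
if [ -n "${1:-}" ]; then
    echo "polkit $1: $(polkit_status "$1")"
fi
```

A host reporting "vulnerable" together with "setuid" has neither the upgrade nor the workaround in place.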
References
CVE-2021-4034
Last edited by GLSA on Tue Feb 01, 2022 4:17 am; edited 1 time in total