VDB
DEBIAN-CVE-2021-4034
DEBIAN-CVE-2021-4034
PUBLISHED
CVSS 7.800000190734863 HIGH
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Risk Scores
CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | policykit-1 | 0, 0, 0 |
| Debian:11 | policykit-1 | 0.105-31, 0, 0.105-31 |
| Debian:14 | policykit-1 | 0, 0, 0 |
| Debian:13 | policykit-1 | 0, 0, 0 |
Exploit Intelligence
- PoC for PwnKit-CVE-2021-4034 - Pkexec Local Privilege Escalation (github-poc-repo)
- PoC for PwnKit-CVE-2021-4034 - Pkexec Local Privilege Escalation (github-poc)
- El exploit para obtener root usado la vulnerabilidad del CVE-2021-4034 o tambien llamado PwnKit el cual permite teniendo un shell hacer una escalada de privilegios siempre y cuando la version de pkexec sea = o < que la v0.105 (github-poc-repo)
- El exploit para obtener root usado la vulnerabilidad del CVE-2021-4034 o tambien llamado PwnKit el cual permite teniendo un shell hacer una escalada de privilegios siempre y cuando la version de pkexec sea = o < que la v0.105 (github-poc)
- usmansec/-CVE-2021-4034 (github-poc-repo)
- usmansec/-CVE-2021-4034 (github-poc)
- PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec in Python (github-poc)
- Advanced Linux Privilege Escalation research on CVE-2021-4034 (PwnKit). Features an optimized exploit with 7 polymorphic payload modes (Interactive Shell, Backdoor, User Creation, Reverse Shell, etc). Portfolio piece focused on memory corruption logic, environment variable manipulation, and anti-forensic techniques. (github-poc-repo)
- Advanced Linux Privilege Escalation research on CVE-2021-4034 (PwnKit). Features an optimized exploit with 7 polymorphic payload modes (Interactive Shell, Backdoor, User Creation, Reverse Shell, etc). Portfolio piece focused on memory corruption logic, environment variable manipulation, and anti-forensic techniques. (github-poc)
- Leemyunglyul/cve-2021-4034-mock (github-poc-repo)
…and 145 more exploits
Timeline
- Jan 28, 2022 CVE Published
- Apr 28, 2026 CVE Updated