Solved

CVE-2021-4034 PKEXEC exploit

3 years ago
January 31, 2022
1 reply
529 views

Pratyush
Vaulter
5 replies

Hi All ,

Currently there is a warning about pkexec described in https://isc.sans.edu/diary/rss/28272.
I was able to validate PKEXEC tool existence as SUID binary on hyperscale nodes .

This seems to be OS level application and not used by commvault software .

I believe a simple chmod of this executable is enough to prevent the exploit of being used (chmod 0755 /usr/bin/pkexec)

Is there any action item on Commvault to remediate this or this needs to be addressed by customer by applying OS patches ?

Best answer by Aplynx

Development is reviewing this issue and will be addressing it, in the meantime you can use this workaround:

Vulnerability Name: CVE-2021-4034 - PwnKit
Vulnerability Description: A vulnerability in Polkit's pkexec component identified as CVE-2021-4034 (PwnKit) is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system.

A temporary mitigation for operating systems that have yet to push a patch is to use the following command to strip pkexec of the setuid bit:

chmod 0755 /usr/bin/pkexec

View original

Did this answer your question?

If you have a question or comment, please create a topic

+13

Aplynx
Vaulter
291 replies
Answer
3 years ago
January 31, 2022

Development is reviewing this issue and will be addressing it, in the meantime you can use this workaround:

A temporary mitigation for operating systems that have yet to push a patch is to use the following command to strip pkexec of the setuid bit:

chmod 0755 /usr/bin/pkexec

Liam

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos + marketing

Related topics

Multiple Document Object Connections in Aurenaicon

Connect One Object to Multiple Existing Document Revisionsicon

Troubleshooting DocMan over SMBicon

Document Object Connections - Aurenaicon

Attachments/Document object connections do not show in Aurena - but it works fine in IEE client

Most helpful members this week

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings