Solved

CVE-2021-4034 PKEXEC exploit

3 years ago
January 31, 2022
1 reply
529 views

Pratyush
Vaulter
5 replies

Hi All ,

Currently there is a warning about pkexec described in https://isc.sans.edu/diary/rss/28272.
I was able to validate PKEXEC tool existence as SUID binary on hyperscale nodes .

This seems to be OS level application and not used by commvault software .

I believe a simple chmod of this executable is enough to prevent the exploit of being used (chmod 0755 /usr/bin/pkexec)

Is there any action item on Commvault to remediate this or this needs to be addressed by customer by applying OS patches ?

Best answer by Aplynx

Development is reviewing this issue and will be addressing it, in the meantime you can use this workaround:

Vulnerability Name: CVE-2021-4034 - PwnKit
Vulnerability Description: A vulnerability in Polkit's pkexec component identified as CVE-2021-4034 (PwnKit) is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system.

A temporary mitigation for operating systems that have yet to push a patch is to use the following command to strip pkexec of the setuid bit:

chmod 0755 /usr/bin/pkexec

View original

Did this answer your question?

If you have a question or comment, please create a topic

+13

Aplynx
Vaulter
291 replies
Answer
3 years ago
January 31, 2022

Development is reviewing this issue and will be addressing it, in the meantime you can use this workaround:

A temporary mitigation for operating systems that have yet to push a patch is to use the following command to strip pkexec of the setuid bit:

chmod 0755 /usr/bin/pkexec

Liam

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

Cookie settings

We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.

Basic
Functional

Normal
Functional + analytics

Complete
Functional + analytics + social media + embedded videos + marketing

Related topics

Atualização de software na TV Satélite

Xiaomi TV Stick 4K e NOS TV testada por Diogo

A NOS bloqueou-me porque eu não aceitei ter publicidade personalizada na TV. Alguém mais passou ou está a passar por isto?!icon

Alterações na grelha NOS

Televisão NOS – O que precisa saber

Most helpful members this week

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded

Cookie policy

Cookie settings