Answer

CVE-2021-4034 PKEXEC exploit

Forum|Forum|3 years ago
January 31, 2022
1 reply
547 views

+2

Pratyush
Vaulter

Hi All ,

Currently there is a warning about pkexec described in https://isc.sans.edu/diary/rss/28272.
I was able to validate PKEXEC tool existence as SUID binary on hyperscale nodes .

This seems to be OS level application and not used by commvault software .

I believe a simple chmod of this executable is enough to prevent the exploit of being used (chmod 0755 /usr/bin/pkexec)

Is there any action item on Commvault to remediate this or this needs to be addressed by customer by applying OS patches ?

Best answer by Aplynx

Development is reviewing this issue and will be addressing it, in the meantime you can use this workaround:

Vulnerability Name: CVE-2021-4034 - PwnKit
Vulnerability Description: A vulnerability in Polkit's pkexec component identified as CVE-2021-4034 (PwnKit) is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system.

A temporary mitigation for operating systems that have yet to push a patch is to use the following command to strip pkexec of the setuid bit:

chmod 0755 /usr/bin/pkexec

If you have a question or comment, please create a topic

+12

Aplynx
Vaulter
Answer
Forum|Forum|3 years ago
January 31, 2022

Development is reviewing this issue and will be addressing it, in the meantime you can use this workaround:

Vulnerability Name: CVE-2021-4034 - PwnKit
Vulnerability Description: A vulnerability in Polkit's pkexec component identified as CVE-2021-4034 (PwnKit) is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system.

A temporary mitigation for operating systems that have yet to push a patch is to use the following command to strip pkexec of the setuid bit:

chmod 0755 /usr/bin/pkexec

Liam