Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-4034 PoC — polkit 缓冲区错误漏洞

Source
https://github.com/milot/dissecting-pkexec-cve-2021-4034
Associated Vulnerability
Title:polkit 缓冲区错误漏洞 (CVE-2021-4034)
Description:A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
Readme
## Dissecting pkexec CVE-2021-4034

### Introduction and Usage
#### Introduction
This is a part of the [blog post](https://milot.io/dissecting-pkexec-cve-2021-43267-vulnerability/) that explains how [CVE-2021-4034](https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034) actually works.

#### Usage
This repository contains a single C file that contains code and comments, the compilation and running the file is fairly straight forward:

```
gcc pkexec-cve-2021-4034.c -o run-milotio
```

### Disclaimer
Please read the [disclaimer](https://milot.io/about/#disclaimer) below which is the same on my website, this vulnerability has been analyzed for ethical and educational purposes solely to understand how to protect your systems and environments.

All contents on this repository are for informational and educational purposes only. I strongly believe that computer programming, ethical hacking, information security and cyber security in general should be familiar subject to anyone using computers and the internet. Information and code posted on this repository should be used to understand topics from the defense perspective and in general how to protect yourself from various threat actors. Information on this repository is strictly for educational purposes and should be used ethically.

The entire content has been written on a controlled environment mainly using my own routers, servers, websites, computers and other resources (such as TryHackMe, HackTheBox and VulnHub) they do not contain any illegal activity. I don't promote, encourage, support or excite any illegal activity or hacking without written consent. I want to raise security awareness and inform the general opinion on how to prevent themselves from being a victim of malicious actors. If you plan to use the information for illegal purposes, please leave this blog now. I cannot be held responsible for any misuse of the given information.
File Snapshot

 [4.0K]  /data/pocs/37c554dedbaafc8ff7e5c5b20bfbff46df0a46d4
├── [4.2K]  pkexec-cve-2021-4034.c
└── [2.0K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →