Back to bug 2025869
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Tomas Hoger | 2021-11-23 10:31:33 UTC | CC | security-response-team | |
| Summary | EMBARGOED polkit: local privilege escalation to root in pkexec | EMBARGOED polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector | ||
| Tomas Hoger | 2021-11-23 10:32:34 UTC | Comment | 0 | updated |
| Tomas Hoger | 2021-11-23 10:43:14 UTC | CC | jrybar | |
| Clifford Perry | 2021-11-23 13:03:24 UTC | CC | bdettelb | |
| CC | cperry | |||
| Marco Benatto | 2021-11-23 14:33:04 UTC | Depends On | 2025970 | |
| Marco Benatto | 2021-11-23 14:33:41 UTC | Depends On | 2025974, 2025972, 2025975, 2025976, 2025973, 2025971 | |
| Przemyslaw Roguski | 2021-11-23 18:04:37 UTC | CC | bmontgom, eparis, jokerman, nstielau, sponnaga | michal.skrivanek, mperina, nobody, sbonazzo |
| Stoyan Nikolov | 2021-11-24 08:21:20 UTC | Depends On | 2026267, 2026268 | |
| Marco Benatto | 2021-12-15 12:44:46 UTC | Summary | EMBARGOED polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector | EMBARGOED CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector |
| Alias | CVE-2021-4034 | |||
| Blocks | 2027507 | |||
| Deadline | 2021-01-25 | |||
| Tomas Hoger | 2021-12-17 09:07:54 UTC | Deadline | 2021-01-25 | 2022-01-25 |
| Marco Benatto | 2021-12-22 14:12:59 UTC | Depends On | 2034935 | |
| Eli Marcus | 2022-01-04 14:50:35 UTC | Doc Text | A Local Privilege Escalation vulnerability (from any user to root) was found in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution. | |
| CC | emarcus | |||
| Marco Benatto | 2022-01-05 21:06:42 UTC | Doc Text | A Local Privilege Escalation vulnerability (from any user to root) was found in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution. | A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed an attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. |
| Marco Benatto | 2022-01-05 21:10:39 UTC | Doc Text | A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed an attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. | A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. |
| Eric Christensen | 2022-01-06 14:40:39 UTC | Doc Text | A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. | A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. |
| Valerie Sroka | 2022-01-07 14:09:16 UTC | CC | vsroka | |
| Marco Benatto | 2022-01-07 14:50:38 UTC | Depends On | 2038188, 2038189, 2038187, 2038190 | |
| Marco Benatto | 2022-01-25 17:23:00 UTC | CC | mitr, polkit-devel, tgunders | |
| Summary | EMBARGOED CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector | CVE-2021-4034 polkit: Local privilege escalation in pkexec due to incorrect handling of argument vector | ||
| Deadline | 2022-01-25 | |||
| Group | security, qe_staff | |||
| Marco Benatto | 2022-01-25 17:23:17 UTC | Depends On | 2045563 | |
| errata-xmlrpc | 2022-01-25 17:58:51 UTC | Link ID | Red Hat Product Errata RHSA-2022:0265 | |
| errata-xmlrpc | 2022-01-25 18:01:39 UTC | Link ID | Red Hat Product Errata RHSA-2022:0268 | |
| errata-xmlrpc | 2022-01-25 18:09:31 UTC | Link ID | Red Hat Product Errata RHSA-2022:0266 | |
| errata-xmlrpc | 2022-01-25 18:16:19 UTC | Link ID | Red Hat Product Errata RHSA-2022:0267 | |
| errata-xmlrpc | 2022-01-25 18:17:05 UTC | Link ID | Red Hat Product Errata RHSA-2022:0269 | |
| errata-xmlrpc | 2022-01-25 18:18:33 UTC | Link ID | Red Hat Product Errata RHSA-2022:0270 | |
| errata-xmlrpc | 2022-01-25 18:26:58 UTC | Link ID | Red Hat Product Errata RHSA-2022:0272 | |
| errata-xmlrpc | 2022-01-25 18:38:18 UTC | Link ID | Red Hat Product Errata RHSA-2022:0271 | |
| errata-xmlrpc | 2022-01-25 18:59:48 UTC | Link ID | Red Hat Product Errata RHSA-2022:0273 | |
| errata-xmlrpc | 2022-01-25 19:59:07 UTC | Link ID | Red Hat Product Errata RHSA-2022:0274 | |
| Sandro Bonazzola | 2022-01-26 08:47:27 UTC | Depends On | 2046038 | |
| Clark Hale | 2022-01-26 15:10:43 UTC | CC | chale | |
| Frank Ch. Eigler | 2022-01-26 15:41:59 UTC | CC | fche | |
| Christian Kujau | 2022-01-26 15:58:28 UTC | CC | redhat | |
| Andy Bartlett | 2022-01-26 16:44:25 UTC | CC | andbartl | |
| Julio Entrena Perez | 2022-01-26 17:05:48 UTC | CC | jentrena | |
| Paul Dwyer | 2022-01-26 17:08:20 UTC | CC | pdwyer | |
| oarribas | 2022-01-27 08:12:09 UTC | CC | oarribas | |
| toni | 2022-01-27 12:02:54 UTC | CC | amarirom | |
| Abey Jose | 2022-01-27 13:37:59 UTC | CC | ajose | |
| Marco Benatto | 2022-01-27 13:55:40 UTC | Doc Text | A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. | A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation giving unprivileged users administrative rights on the target machine. |
| Sam Wachira | 2022-01-27 14:08:11 UTC | CC | swachira | |
| errata-xmlrpc | 2022-01-27 17:08:23 UTC | Link ID | Red Hat Product Errata RHBA-2022:0319 | |
| David Hernández Fernández | 2022-01-27 18:20:32 UTC | CC | dahernan | |
| Robert Sandu | 2022-01-28 12:36:04 UTC | CC | rsandu | |
| Shubhag Saxena | 2022-01-31 14:40:44 UTC | CC | dtarabor | |
| CC | shsaxena | |||
| Shubhag Saxena | 2022-01-31 14:43:44 UTC | Flags | needinfo?(security-response-team) needinfo?(chale) | |
| errata-xmlrpc | 2022-01-31 15:17:22 UTC | Link ID | Red Hat Product Errata RHBA-2022:0326 | |
| Product Security DevOps Team | 2022-01-31 15:30:40 UTC | Flags | needinfo?(security-response-team) | needinfo?(mbenatto) |
| CC | mbenatto | |||
| errata-xmlrpc | 2022-01-31 15:43:59 UTC | Link ID | Red Hat Product Errata RHBA-2022:0327 | |
| Marco Benatto | 2022-01-31 18:00:48 UTC | CC | proguski | |
| Flags | needinfo?(proguski) | |||
| Marco Benatto | 2022-01-31 18:01:09 UTC | Flags | needinfo?(mbenatto) | |
| oarribas | 2022-01-31 18:24:30 UTC | Link ID | Red Hat Knowledge Base (Solution) 6683131 | |
| Przemyslaw Roguski | 2022-01-31 19:40:31 UTC | Flags | needinfo?(proguski) | |
| Kirsten Newcomer | 2022-01-31 22:29:29 UTC | CC | edharshbarger | |
| CC | edharshbarger | |||
| CC | knewcome | |||
| Rahul Rajendran | 2022-02-01 11:18:02 UTC | CC | rpalathi | |
| Ashish Prajapati | 2022-02-02 09:07:24 UTC | CC | aprajapa | |
| Asheth | 2022-02-02 14:35:17 UTC | CC | asheth | |
| Vladislav Walek | 2022-02-02 20:00:23 UTC | CC | vwalek | |
| Flags | needinfo?(proguski) | |||
| Aditya Soni | 2022-02-03 01:53:25 UTC | CC | adsoni | |
| Przemyslaw Roguski | 2022-02-03 10:17:50 UTC | Flags | needinfo?(proguski) | |
| Mithilesh Kaur Bagga | 2022-02-03 13:52:09 UTC | Flags | needinfo?(security-response-team) | |
| CC | mbagga | |||
| Product Security DevOps Team | 2022-02-03 14:42:42 UTC | Flags | needinfo?(security-response-team) | needinfo?(mbenatto) |
| Marco Benatto | 2022-02-03 14:52:49 UTC | Flags | needinfo?(proguski) | |
| Marco Benatto | 2022-02-03 14:53:07 UTC | Flags | needinfo?(mbenatto) | |
| Przemyslaw Roguski | 2022-02-03 17:54:48 UTC | Flags | needinfo?(proguski) | |
| Greg Rodriguez II | 2022-02-03 21:46:37 UTC | Flags | needinfo?(security-response-team) | |
| CC | grodrigu | |||
| Product Security DevOps Team | 2022-02-03 22:12:43 UTC | Flags | needinfo?(security-response-team) | needinfo?(mbenatto) |
| errata-xmlrpc | 2022-02-07 10:46:33 UTC | Link ID | Red Hat Product Errata RHSA-2022:0443 | |
| Mithilesh Kaur Bagga | 2022-02-07 12:09:03 UTC | Flags | needinfo?(security-response-team) | |
| Product Security DevOps Team | 2022-02-07 12:43:18 UTC | Flags | needinfo?(security-response-team) | needinfo?(mbenatto) |
| Mithilesh Kaur Bagga | 2022-02-08 14:56:26 UTC | Flags | needinfo?(security-response-team) | |
| Product Security DevOps Team | 2022-02-08 15:49:25 UTC | Flags | needinfo?(security-response-team) | needinfo?(mbenatto) |
| Gabriel Stein | 2022-02-10 08:29:26 UTC | CC | gferrazs | |
| Marco Benatto | 2022-02-10 12:24:16 UTC | Flags | needinfo?(mbenatto) needinfo?(mbenatto) needinfo?(mbenatto) | |
| Greg Rodriguez II | 2022-02-10 14:12:57 UTC | Flags | needinfo?(security-response-team) | |
| Product Security DevOps Team | 2022-02-10 14:51:54 UTC | Flags | needinfo?(security-response-team) | needinfo?(mbenatto) |
| Eli Marcus | 2022-02-15 10:06:22 UTC | Doc Type | If docs needed, set a value | No Doc Update |
| Red Hat Bugzilla | 2022-02-15 10:06:22 UTC | Doc Text | A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation giving unprivileged users administrative rights on the target machine. | |
| Doc Type | No Doc Update | No Doc Update | ||
| errata-xmlrpc | 2022-02-15 10:58:58 UTC | Link ID | Red Hat Product Errata RHSA-2022:0540 | |
| Product Security DevOps Team | 2022-02-15 11:47:35 UTC | Resolution | --- | ERRATA |
| Status | NEW | CLOSED | ||
| Last Closed | 2022-02-15 11:47:35 UTC | |||
| Vladislav Walek | 2022-02-16 20:16:53 UTC | Resolution | ERRATA | --- |
| Flags | needinfo?(security-response-team) | |||
| Status | CLOSED | NEW | ||
| Keywords | Reopened | |||
| 西门吹雪 | 2022-02-17 06:17:25 UTC | CC | 907949961 | |
| Flags | needinfo?(chale) needinfo?(mbenatto) needinfo?(security-response-team) | |||
| Marco Benatto | 2022-02-17 15:32:36 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2022-02-15 11:47:35 UTC | 2022-02-17 15:32:36 UTC | ||
| Marco Benatto | 2022-02-17 15:35:20 UTC | Flags | needinfo?(lnacshon) | |
| CC | lnacshon | |||
| Ronit Dey | 2022-02-22 10:44:02 UTC | CC | rdey |
Back to bug 2025869