A vulnerability in polkit's pkexec command (CVE-2021-4034) has been publicly disclosed. Even though HYCU does not use or need this command, an attacker with local access to the appliance could still abuse it. We strongly recommend that customers take the safety precautions described below.
Date of Publication
Feb 3rd 2022
Recently, a vulnerability in polkit's pkexec command (CVE-2021-4034) has been publicly disclosed. pkexec is a setuid-root tool shipped with most Linux distributions that lets unprivileged users run commands as privileged users, subject to the polkit policies defined on the system. Unpatched versions of pkexec, including the one that was part of HYCU's Enterprise Cloud virtual appliance at the time of this advisory, do not validate the number of command-line arguments: when pkexec is started with an empty argument list, it reads past the end of argv into the environment block, treats the first environment variable as the command to look up in PATH, and writes the result back into the environment. An attacker can craft the environment so that this write reintroduces a variable that pkexec would otherwise strip, which leads pkexec to load and execute attacker-controlled code. A successful attack is a local privilege escalation: an unprivileged user on the target machine gains root (administrative) rights.
HYCU Data Protection for Enterprise Clouds does not require pkexec. To mitigate the issue, we strongly encourage customers to remove the setuid bit from pkexec: without it the binary runs with the caller's own privileges, so the flaw can no longer be used to become root. Run the following command as root on the appliance (the stock mode of pkexec is 4755, so 0755 keeps the file executable and only drops the setuid bit). Note that a later package update of polkit may reinstall pkexec with the setuid bit set, so re-check the permission after upgrading, or install a distribution release of polkit that contains the fix for CVE-2021-4034.
chmod 0755 /usr/bin/pkexec
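As an added example (not part of the original advisory and not a HYCU script), the following POSIX shell snippet wraps the mitigation above in a small function that clears the setuid bit and then verifies that it is actually gone, so a failed chmod (for instance when the command is run without root privileges) is reported instead of silently leaving the appliance exposed. The function and variable names are hypothetical; the path defaults to the stock location /usr/bin/pkexec but can be overridden for testing.

```shell
#!/bin/sh
# Hypothetical helper (not HYCU's code): remove the setuid bit from pkexec
# and verify the result, as a mitigation for CVE-2021-4034.

# Return 0 if the file exists and carries the setuid bit ([ -u ] is POSIX).
pkexec_is_setuid() {
    [ -u "$1" ]
}

# Clear the setuid bit on the given path (default: /usr/bin/pkexec).
# Returns 0 when the bit is confirmed clear, 1 when it is still set.
pkexec_disarm() {
    path="${1:-/usr/bin/pkexec}"

    if [ ! -e "$path" ]; then
        echo "$path not present, nothing to do" >&2
        return 0
    fi

    if pkexec_is_setuid "$path"; then
        # 0755 matches the advisory: executable by all, setuid dropped.
        chmod 0755 "$path" || return 1
    fi

    # Verify after the change; chmod can fail quietly without root.
    if pkexec_is_setuid "$path"; then
        echo "setuid bit still set on $path, rerun as root" >&2
        return 1
    fi

    echo "$path: setuid bit is clear"
    return 0
}

# Apply only when invoked as:  sh pkexec_disarm.sh --apply [path]
# so the functions can also be sourced into another script.
if [ "${1:-}" = "--apply" ]; then
    pkexec_disarm "${2:-/usr/bin/pkexec}"
fi
```

Running the script a second time is harmless: if the bit is already clear it only reports the current state, which makes it safe to schedule after package updates that might restore the original mode.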