Title: Polkit: Local privilege escalation (GLSA 202201-01)
Severity: high
Exploitable: local
Date: 2022-01-27
Bug(s): #832057
ID: 202201-01
Synopsis
A vulnerability in polkit could lead to local root privilege escalation.
Background
polkit is a toolkit for managing policies related to unprivileged processes communicating with privileged processes.
Affected Packages
Package: sys-auth/polkit
Vulnerable: < 0.120-r2
Unaffected: >= 0.120-r2
Architectures: All supported architectures
Description
Flawed input validation of arguments was discovered in the 'pkexec' program's main() function.
Impact
A local attacker could achieve root privilege escalation.
Workaround
Run the following command as root:
# chmod 0755 /usr/bin/pkexec
Resolution
Upgrade Polkit to a patched version.
# emerge --sync
# emerge --ask --verbose ">=sys-auth/polkit-0.120-r2"
References
CVE-2021-4034
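
To confirm that the workaround or the upgrade is actually in place on a host, the following added example (not part of the advisory) checks whether pkexec still carries the setuid bit, which `chmod 0755` clears, and whether an installed sys-auth/polkit is older than 0.120-r2. It assumes `portageq` is available on Gentoo and reports "unknown" elsewhere; the function names and the `PKEXEC` variable are illustrative.

```shell
#!/bin/sh
# Added example: audit whether this advisory's workaround or fix is in place.

# Print the state of a pkexec binary: absent, setuid, or no-setuid.
pkexec_state() {
    if [ ! -e "$1" ]; then
        echo absent
    elif [ -u "$1" ]; then
        echo setuid
    else
        echo no-setuid
    fi
}

# Print yes/no/unknown: is a sys-auth/polkit older than 0.120-r2 installed?
# Uses portageq when present (Gentoo); prints "unknown" on other systems.
vulnerable_polkit_installed() {
    command -v portageq >/dev/null 2>&1 || { echo unknown; return 0; }
    if [ -n "$(portageq match / '<sys-auth/polkit-0.120-r2' 2>/dev/null)" ]; then
        echo yes
    else
        echo no
    fi
}

# Combine both checks into one verdict. $1 = pkexec path,
# $2 = optional override for the package check (yes/no/unknown).
audit_pkexec() {
    state=$(pkexec_state "$1")
    vuln=${2:-$(vulnerable_polkit_installed)}
    case "$state:$vuln" in
        setuid:yes)     echo "EXPOSED: polkit < 0.120-r2 with setuid pkexec" ;;
        setuid:unknown) echo "CHECK: setuid pkexec, package version unknown" ;;
        setuid:no)      echo "OK: polkit >= 0.120-r2 installed" ;;
        no-setuid:yes)  echo "MITIGATED: workaround applied, upgrade pending" ;;
        no-setuid:*)    echo "OK: pkexec has no setuid bit" ;;
        absent:*)       echo "OK: pkexec not present at $1" ;;
    esac
}

audit_pkexec "${PKEXEC:-/usr/bin/pkexec}"
```

With the workaround applied, pkexec no longer runs with root privileges, so anything that relies on it stops working until the package is upgraded.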
