Critical vulnerability in Polkit allows root access in most Linux distributions

Qualys has disclosed a vulnerability (CVE-2021-4034) in the Polkit system component (formerly PolicyKit), which Linux distributions use to let unprivileged users perform actions that require elevated access rights. The vulnerability allows an unprivileged local user to escalate privileges to root and gain full control over the system. The problem was code-named PwnKit and is notable for the preparation of a working exploit that operates in the default configuration of most Linux distributions.

The problem is present in the pkexec utility supplied with Polkit, which ships with the SUID root flag and is intended to run commands with another user's privileges in accordance with the specified Polkit rules. Due to incorrect processing of the command-line arguments passed to pkexec, an unprivileged user could bypass authentication and run commands with root rights, regardless of the configured access rules.

pkexec did not check the validity of the command-line argument count (argc) passed when the process is started. It was assumed that the first entry of the argv array always contains the name of the process (pkexec), and the second either a NULL value or the name of the command run via pkexec.
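The assumption described above can be checked explicitly before any code reads the second argv entry. The following is an added example, not code from Polkit or from the original article; the names check_argv and command_name are hypothetical. It relies on the fact that the exec interface does not guarantee argc >= 1, so a process can be started with an empty argument vector.

```c
#include <stddef.h>
#include <stdio.h>

enum argv_status { ARGV_OK = 0, ARGV_EMPTY = -1, ARGV_INCONSISTENT = -2 };

/* Validate the (argc, argv) pair before anything indexes argv[1].
 * With argc == 0, argv[0] is already the terminating NULL and argv[1]
 * lies outside the argument vector. */
enum argv_status check_argv(int argc, char *const argv[])
{
    if (argc < 1 || argv == NULL || argv[0] == NULL)
        return ARGV_EMPTY;
    /* Every counted slot must hold a string ... */
    for (int i = 1; i < argc; i++)
        if (argv[i] == NULL)
            return ARGV_INCONSISTENT;
    /* ... and the vector must end with NULL exactly at argv[argc]. */
    if (argv[argc] != NULL)
        return ARGV_INCONSISTENT;
    return ARGV_OK;
}

/* Return the command name (second entry), or NULL when none was given
 * or the vector is invalid. argv[1] is read only after validation. */
const char *command_name(int argc, char *const argv[], enum argv_status *st)
{
    *st = check_argv(argc, argv);
    if (*st != ARGV_OK || argc < 2)
        return NULL;
    return argv[1];
}

int main(int argc, char *argv[])
{
    enum argv_status st;
    const char *cmd = command_name(argc, argv, &st);
    if (st != ARGV_OK) {
        fprintf(stderr, "refusing to run: invalid argument vector (%d)\n", st);
        return 127;
    }
    printf("command: %s\n", cmd ? cmd : "(none)");
    return 0;
}
```

A SUID program should perform this check first and exit on failure, before parsing options or consulting any access rules.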
