By: Cybrary Staff
February 14, 2022
What is Polkit and Why Is There Urgency To Mitigate?
By: Cybrary Staff
February 14, 2022
What Is Polkit?
Polkit (formerly PolicyKit) is an application-level toolkit for managing access privileges in UNIX/LINUX-based systems. Polkit defines the security policies needed to handle unprivileged and privileged processes communications. Consider it a central command center for governing the decision-making processes regarding allowing unprivileged applications to take advantage of privilege operations. Unlike sudo, which gives full root permission for the executed process, Polkit is used to precisely control the access level of the executed process based on a centralized system policy.
The Pkexec, a command-line utility included with the Polkit package, allows an authorized user to execute a program as another user; if the "another user" name is not specified in the command prompt, the command will be executed as a root or superuser.
Pkexec Utility Issues
A security problem with the Pkexec utility was discovered in November 2021 by the Qualys Research Team. The issue appears when pkexec improperly handles the amount of command-line arguments. When properly exploited, the pkexec executes arbitrary code as a privileged user. By doing so, attackers can gain full access to vulnerable systems. This vulnerability is known as CVE-2021-4034.
The Polkit vulnerability has received a high CVSS score of 7.8 ("High severity") because the Polkit package comes pre-installed by default (since 2009) on all major Linux distributions. These distributions include Ubuntu, Debian, Fedora, OpenSUSE, and CentOS; these widely-used Linux distributions are vulnerable to this exploit.
Cybrary's Exploitation and Mitigation Course
The good news about the CVE-2021-4034 vulnerability is that attackers cannot exploit it remotely; hence, an attacker needs to execute this command on a local device to escalate privilege.
To help cybersecurity professionals understand how this exploit works and the best method to mitigate it, Cybrary has developed the Exploitation and Mitigation: Polkit CVE-2021-4034 course. During this course, security professionals, in both offensive and defensive roles and system administrators, will use a virtual lab to see how the Polkit exploit works in action. Learners will have the opportunity to simulate this attack and understand how to avoid this vulnerability in major Linux distributions. Upon completing this course, learners will become equipped with the necessary skills and knowledge to understand how adversaries can exploit this vulnerability and the best methods to mitigate it.
Why Enroll in the Polkit Course?
The Polkit vulnerability is dangerous and widespread - wellknown to adversaries. It grants the attacker local privilege escalation as a root user. After that, the entire system is controlled by the attacker, and all the data within: customers' PII (financial accounts and credit card numbers), trade secrets, employees' PHI (social security numbers and medical record numbers).
Security professionals reviewing the latest threat feeds know this shouldn't be taken lightly. By going through Cybrary's Polkit course, learners will have the chance to see the vulnerability exploited and mitigated in a safe environment so they can effectively design plans to protect their organizations.
Sign up for a Cybrary Insider Pro subscription today to access our interactive Exploitation and Mitigation: Polkit CVE-2021-4034 course and other threat-based training to sharpen your skills, mitigate risk, and better protect your organization.
Red Hat Customer Portal, CVE-2021-4034: https://access.redhat.com/security/cve/CVE-2021-4034
Jogi, PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit's pkexec (CVE-2021-4034): https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034