PwnKit Vulnerability (CVE-2021-4034)


No appliances are affected by the PwnKit vulnerability (CVE-2021-4034).

A local privilege escalation vulnerability was found in polkit's pkexec utility. It is a critical vulnerability because it gives full root privileges to any local user or attacker. Almost all major Linux distributions are affected, as polkit’s pkexec can be exploited in its default configuration. Discovered by the Qualys research team, the PwnKit vulnerability has a CVSS score of 7.8 out of 10.

“Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu, Debian, Fedora, and CentOS. Other Linux distributions are likely vulnerable and probably exploitable.” More details can be found on the Qualys website.

As mentioned, we do not include Polkit in our software distribution; therefore, all of our appliances are unaffected by the vulnerability.
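One way to check the "Polkit is not included" statement on a running system or a mounted image, as an added example that is not part of the original advisory. The function name `pkexec_exposure` and the list of install directories are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): report whether a filesystem tree contains
# polkit's pkexec and whether any copy still carries the setuid bit.
# pkexec is normally installed setuid-root, which is what makes a flaw in it
# a local privilege escalation.
#
# Usage:   pkexec_exposure [ROOT]
#          ROOT defaults to / ; pass a mount point to inspect an image.
# Output:  one verdict on stdout: absent | present-no-setuid | setuid
#          per-file details go to stderr.

pkexec_exposure() {
    root="${1:-/}"
    verdict="absent"
    # Directories where distributions commonly install pkexec (assumed list;
    # extend it if your image uses a non-standard prefix).
    for dir in usr/bin bin usr/local/bin usr/sbin sbin; do
        candidate="${root%/}/$dir/pkexec"
        [ -f "$candidate" ] || continue
        if [ -u "$candidate" ]; then
            # test -u is true when the setuid bit is set on the file
            verdict="setuid"
            echo "setuid pkexec found: $candidate" >&2
        else
            # Do not downgrade a "setuid" verdict from an earlier directory
            [ "$verdict" = "setuid" ] || verdict="present-no-setuid"
            echo "pkexec without setuid bit: $candidate" >&2
        fi
    done
    echo "$verdict"
}

# Example invocations (uncomment to run):
#   pkexec_exposure /            # the running system
#   pkexec_exposure /mnt/image   # a mounted appliance image (hypothetical path)
```

A verdict of `absent` matches the statement above. A verdict of `setuid` means the system needs the distribution's patched polkit package.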

