search

berdav / CVE-2021-4034

CVE-2021-4034 1day
MIT License
1.94k stars 508 forks source link

Not working on raspbian #10

Closed CyberKid1987 closed 2 years ago

CyberKid1987 commented 2 years ago

Any help? Screenshot_20220127-051708330 (1) 🙂

owl4ce commented 2 years ago

The README.md says:

Updating polkit on most systems will patch the exploit, therefore you'll get the usage and the program will exit:

vagrant@ubuntu-impish:~/CVE-2021-4034$ ./cve-2021-4034
pkexec --version |
       --help |
       --disable-internal-agent |
       [--user username] PROGRAM [ARGUMENTS...]

See the pkexec manual page for more details.
vagrant@ubuntu-impish:~/CVE-2021-4034$
berdav commented 2 years ago

I've tested it with a not updated raspbian and it works.

Updating policykit-1 will patch this vulnerability.

pi@raspberrypi:~/CVE-2021-4034 $ apt list --upgradable 2>&1 | grep policykit-1
policykit-1/stable 0.105-31+rpt1+deb11u1 armhf [upgradable from: 0.105-31+rpt1]
pi@raspberrypi:~/CVE-2021-4034 $ pkexec --version
pkexec version 0.105
pi@raspberrypi:~/CVE-2021-4034 $ ./cve-2021-4034
# whoami
root
# exit

Closing for now, can you check the version of your polkit installed package? (with the debian patch version)