exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 26 - 34 of 34 RSS Feed

CVE-2021-4034

Status Candidate

Overview

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

Related Files

Polkit pkexec CVE-2021-4034 Local Root
Posted Jan 26, 2022
Authored by Davide Berardi | Site github.com

Local privilege escalation root exploit for Polkit's pkexec vulnerability as described in CVE-2021-4034 and known as PwnKit.

tags | exploit, local, root
systems | linux
advisories | CVE-2021-4034
SHA-256 | 12d83236acbffaf0f0962a4bba1234b4a0a9221ec6681b9ef274c6a8a414398c
Download | Favorite | View
Red Hat Security Advisory 2022-0114-04
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0114-04 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.41.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-39241, CVE-2021-40346
SHA-256 | ed8e6ee8e1359e5ec6d149d048c3e6cee2c5658382a303084a7c82eada049519
Download | Favorite | View
Red Hat Security Advisory 2022-0026-06
Posted Jan 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0026-06 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.53. Issues addressed include a denial of service vulnerability.

tags | advisory, denial of service
systems | linux, redhat
advisories | CVE-2021-39241, CVE-2021-40346, CVE-2021-45105
SHA-256 | 451c409b763f0df46d3dc6e67675c9a195202dd0c8116f0345b2af81afa16600
Download | Favorite | View
Red Hat Security Advisory 2022-0024-04
Posted Jan 13, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0024-04 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.53.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-39241, CVE-2021-40346
SHA-256 | 0d0a89588329b251b1a260c34a29e7040d40f17e2a5968354e71cfcf72b0eadb
Download | Favorite | View
Red Hat Security Advisory 2021-5208-05
Posted Jan 6, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-5208-05 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.25.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-39240, CVE-2021-39241, CVE-2021-39242, CVE-2021-40346
SHA-256 | 88f67dac63d92fc84c82531e94bde8ecf9b24f7e33e48e6b0fd021305470e358
Download | Favorite | View
Red Hat Security Advisory 2021-4118-01
Posted Nov 11, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4118-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.6.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-39240, CVE-2021-39241, CVE-2021-39242, CVE-2021-40346
SHA-256 | 22d2757cf582854617e6cf5504492e3d3366ea36d83f0412abb88cdff0fa3b45
Download | Favorite | View
Debian Security Advisory 4968-1
Posted Sep 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4968-1 - Ori Hollander reported that missing header name length checks in the htx_add_header() and htx_add_trailer() functions in HAProxy, a fast and reliable load balancing reverse proxy, could result in request smuggling attacks or response splitting attacks.

tags | advisory
systems | linux, debian
advisories | CVE-2021-40346
SHA-256 | 722e6b1f007edff3fc58e6248446392cfef076d7541acd8ed38ea7e8add1a122
Download | Favorite | View
Debian Security Advisory 4970-1
Posted Sep 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4970-1 - Kevin Israel discovered that Postorius, the administrative web frontend for Mailman 3, didn't validate whether a logged-in user owns the email address when unsubscribing.

tags | advisory, web
systems | linux, debian
advisories | CVE-2021-40347
SHA-256 | d0c0d8c9e3c781e6faf36980659196a409ce5700fd69a57831a82485c7e65a85
Download | Favorite | View
Ubuntu Security Notice USN-5063-1
Posted Sep 8, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5063-1 - Ori Hollander discovered that HAProxy incorrectly handled HTTP header name length encoding. A remote attacker could possibly use this issue to inject a duplicate content-length header and perform request smuggling attacks.

tags | advisory, remote, web
systems | linux, ubuntu
advisories | CVE-2021-40346
SHA-256 | f4e2e56ce46b97faa45cc84bab033f1a97ee95fad217db2dccffed7fe8c6e543
Download | Favorite | View
Page 2 of 2
Back12Next

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close