CVE-2021-4034 - 漏洞详情

CVE-2021-4034 (CNNVD-202201-2343)

HIGH 有利用代码

中文标题:

polkit 缓冲区错误漏洞

英文标题:

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec applicat...

CVSS分数: 7.8

发布时间: 2022-01-28 00:00:00

漏洞类型: 缓冲区错误

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v4

漏洞描述

中文描述:

polkit是一个在类 Unix操作系统中控制系统范围权限的组件。通过定义和审核权限规则，实现不同优先级进程间的通讯。 polkit 的 pkexec application存在缓冲区错误漏洞，攻击者可利用该漏洞通过精心设计环境变量诱导pkexec执行任意代码。成功执行攻击后，如果目标计算机上没有权限的用户拥有管理权限，攻击可能会导致本地权限升级。

英文描述:

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.

CWE类型:

CWE-125 CWE-787

受影响产品

厂商	产品	版本	版本范围	平台	CPE
polkit_project	polkit	*	-	-	`cpe:2.3:a:polkit_project:polkit::::::::`
redhat	enterprise_linux_server_update_services_for_sap_solutions	7.6	-	-	`cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:::::::*`
redhat	enterprise_linux_server_update_services_for_sap_solutions	7.7	-	-	`cpe:2.3:a:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:::::::*`
redhat	enterprise_linux	8.0	-	-	`cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*`
redhat	enterprise_linux_desktop	7.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*`
redhat	enterprise_linux_eus	8.2	-	-	`cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*`
redhat	enterprise_linux_for_ibm_z_systems	7.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:::::::*`
redhat	enterprise_linux_for_ibm_z_systems	8.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:::::::*`
redhat	enterprise_linux_for_ibm_z_systems_eus	8.2	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2:::::::*`
redhat	enterprise_linux_for_ibm_z_systems_eus	8.4	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:::::::*`
redhat	enterprise_linux_for_power_big_endian	7.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:::::::*`
redhat	enterprise_linux_for_power_little_endian	7.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:::::::*`
redhat	enterprise_linux_for_power_little_endian	8.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:::::::*`
redhat	enterprise_linux_for_power_little_endian_eus	8.1	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:::::::*`
redhat	enterprise_linux_for_power_little_endian_eus	8.2	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:::::::*`
redhat	enterprise_linux_for_power_little_endian_eus	8.4	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:::::::*`
redhat	enterprise_linux_for_scientific_computing	7.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*`
redhat	enterprise_linux_server	6.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*`
redhat	enterprise_linux_server	7.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*`
redhat	enterprise_linux_server_aus	7.3	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*`
redhat	enterprise_linux_server_aus	7.4	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*`
redhat	enterprise_linux_server_aus	7.6	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*`
redhat	enterprise_linux_server_aus	7.7	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*`
redhat	enterprise_linux_server_aus	8.2	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*`
redhat	enterprise_linux_server_aus	8.4	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*`
redhat	enterprise_linux_server_eus	8.4	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_eus:8.4:::::::*`
redhat	enterprise_linux_server_tus	7.6	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*`
redhat	enterprise_linux_server_tus	7.7	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*`
redhat	enterprise_linux_server_tus	8.2	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*`
redhat	enterprise_linux_server_tus	8.4	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*`
redhat	enterprise_linux_server_update_services_for_sap_solutions	8.1	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:::::::*`
redhat	enterprise_linux_server_update_services_for_sap_solutions	8.2	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.2:::::::*`
redhat	enterprise_linux_server_update_services_for_sap_solutions	8.4	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.4:::::::*`
redhat	enterprise_linux_workstation	7.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*`
canonical	ubuntu_linux	14.04	-	-	`cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::`
canonical	ubuntu_linux	16.04	-	-	`cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::`
canonical	ubuntu_linux	18.04	-	-	`cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::`
canonical	ubuntu_linux	20.04	-	-	`cpe:2.3:o:canonical:ubuntu_linux:20.04::::lts:::`
canonical	ubuntu_linux	21.10	-	-	`cpe:2.3:o:canonical:ubuntu_linux:21.10:::::::*`
suse	enterprise_storage	7.0	-	-	`cpe:2.3:a:suse:enterprise_storage:7.0:::::::*`
suse	linux_enterprise_high_performance_computing	15.0	-	-	`cpe:2.3:a:suse:linux_enterprise_high_performance_computing:15.0:sp2:::-:::*`
suse	manager_proxy	4.1	-	-	`cpe:2.3:a:suse:manager_proxy:4.1:::::::*`
suse	manager_server	4.1	-	-	`cpe:2.3:a:suse:manager_server:4.1:::::::*`
suse	linux_enterprise_desktop	15	-	-	`cpe:2.3:o:suse:linux_enterprise_desktop:15:sp2::::::`
suse	linux_enterprise_server	15	-	-	`cpe:2.3:o:suse:linux_enterprise_server:15:sp2::::-::*`
suse	linux_enterprise_workstation_extension	12	-	-	`cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp5::::::`
oracle	http_server	12.2.1.3.0	-	-	`cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*`
oracle	http_server	12.2.1.4.0	-	-	`cpe:2.3:a:oracle:http_server:12.2.1.4.0:::::::*`
oracle	zfs_storage_appliance_kit	8.8	-	-	`cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:::::::*`
siemens	sinumerik_edge	*	-	-	`cpe:2.3:a:siemens:sinumerik_edge::::::::`
siemens	scalance_lpe9403_firmware	*	-	-	`cpe:2.3:o:siemens:scalance_lpe9403_firmware::::::::`
starwindsoftware	command_center	1.0	-	-	`cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871::::::`
starwindsoftware	starwind_virtual_san	v8	-	-	`cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338::::::`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

无标题 OTHER
cve.org

访问

af854a3a-2127-422b-91ae-364da2661108 OTHER
nvd.nist.gov

访问

134c704f-9b21-4f2e-91b3-4a467353bcc0 OTHER
nvd.nist.gov

访问

ExploitDB EDB-50689 EXPLOIT
exploitdb

访问

Download Exploit EDB-50689 EXPLOIT
exploitdb

访问

CVE Reference: CVE-2021-4034 ADVISORY
cve.org

访问

CVSS评分详情

3.1 (adp)

HIGH

7.8

CVSS向量: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

机密性

HIGH

完整性

HIGH

可用性

HIGH

时间信息

发布时间:

2022-01-28 00:00:00

修改时间:

2025-10-21 23:15:48

创建时间:

2025-11-11 15:37:01

更新时间:

2025-11-11 16:59:40

利用信息

此漏洞有可利用代码！

利用代码数量: 1

利用来源:

未知

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2021-4034`	2025-11-11 15:21:12	2025-11-11 07:37:01
NVD	`nvd_CVE-2021-4034`	2025-11-11 14:57:48	2025-11-11 07:45:19
CNNVD	`cnnvd_CNNVD-202201-2343`	2025-11-11 15:10:48	2025-11-11 07:57:06
EXPLOITDB	`exploitdb_EDB-50689`	2025-11-11 15:05:25	2025-11-11 08:59:40

版本与语言

当前版本: v4

主要语言: EN

支持语言:

EN ZH

其他标识符:

安全公告

暂无安全公告信息

变更历史

v4 EXPLOITDB

2025-11-11 16:59:40

references_count: 13 → 16; tags_count: 0 → 3; data_sources: ['cnnvd', 'cve', 'nvd'] → ['cnnvd', 'cve', 'exploitdb', 'nvd']

查看详细变更

references_count: 13 -> 16
tags_count: 0 -> 3
data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']

v3 CNNVD

2025-11-11 15:57:06

vulnerability_type: 未提取 → 缓冲区错误; cnnvd_id: 未提取 → CNNVD-202201-2343; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 缓冲区错误
cnnvd_id: 未提取 -> CNNVD-202201-2343
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:45:19

affected_products_count: 0 → 53; references_count: 11 → 13; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

affected_products_count: 0 -> 53
references_count: 11 -> 13
data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2021-4034 (CNNVD-202201-2343)

中文标题:

polkit 缓冲区错误漏洞

英文标题:

A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec applicat...

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

3.1 (adp)

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史