Mutare Security Advisory
|Published Date||January 28, 2022|
PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034).
Mutare Voice Spam Filter, On-premise giSTT Appliance, Mutare Voice Call Completion, All Versions
A vulnerability (CVE-2021-4034) in Polkit’s pkexec has been weaponized in the wild. This vulnerability is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system.
The simple fix is to run the following command as root:
chmod 0755 /usr/bin/pkexec
Apply the most up-to-date patches for your respective Linux distribution(s) to best protect against attackers looking to exploit this vulnerability. Contact Mutare if you need assistance.