Security Advisory MUTARE-2022-01

Advisory ID	MUTARE-2022-01
Severity	Info
CVE	None
Published Date	January 28, 2022
Revision Date	—

Overview

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034).

Affected Products/Versions

Mutare Voice Spam Filter, On-premise giSTT Appliance, Mutare Voice Call Completion, All Versions

Vulnerability Details

A vulnerability (CVE-2021-4034) in Polkit’s pkexec has been weaponized in the wild. This vulnerability is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system.

Workarounds

The simple fix is to run the following command as root:
chmod 0755 /usr/bin/pkexec

Solution

Apply the most up-to-date patches for your respective Linux distribution(s) to best protect against attackers looking to exploit this vulnerability. Contact Mutare if you need assistance.

References

https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

Mutare

Contact

Mission

Stay Updated