Mutare Security Advisory

Advisory ID: MUTARE-2022-01
Severity: Info
CVE: None
Published Date: January 28, 2022
Revision Date:

Overview

PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034).

Affected Products/Versions

Mutare Voice Spam Filter, On-premise giSTT Appliance, Mutare Voice Call Completion, All Versions

Vulnerability Details

A vulnerability (CVE-2021-4034) in Polkit’s pkexec has been weaponized in the wild. This vulnerability is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system.

Workarounds

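The simple workaround is to remove the SUID bit from pkexec by running the following command as root. With the SUID bit removed, pkexec can no longer elevate privileges for non-root users, so anything that depends on it will fail until the system is patched and the original mode is restored.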
chmod 0755 /usr/bin/pkexec
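
To confirm the workaround took effect, the following check reports whether a pkexec binary still carries the setuid bit. It is an added example, not part of Mutare's advisory; the function names pkexec_suid_state and audit_pkexec are this example's own, and /usr/bin/pkexec is the path from the command above.

```sh
#!/bin/sh
# Added example: verify that the chmod workaround removed the setuid bit.

# pkexec_suid_state PATH
# Prints one of: absent | suid | no-suid
pkexec_suid_state() {
    target=$1
    if [ ! -e "$target" ]; then
        echo absent          # polkit not installed at this path
    elif [ -u "$target" ]; then
        echo suid            # setuid bit present: workaround not applied
    else
        echo no-suid         # setuid bit cleared (e.g. mode 0755)
    fi
}

# audit_pkexec [PATH...]
# Checks each path (default: /usr/bin/pkexec), prints one line per path,
# and returns 1 if any of them is still setuid, 0 otherwise.
audit_pkexec() {
    [ "$#" -gt 0 ] || set -- /usr/bin/pkexec
    flagged=0
    for candidate in "$@"; do
        state=$(pkexec_suid_state "$candidate")
        printf '%s: %s\n' "$candidate" "$state"
        if [ "$state" = suid ]; then
            flagged=1
        fi
    done
    return "$flagged"
}

# Run the audit on the paths given as arguments, or on the default path.
audit_pkexec "$@" ||
    echo "pkexec is still setuid: apply the workaround or patch polkit" >&2
```

Pass extra paths as arguments if your distribution installs pkexec somewhere other than /usr/bin.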

Solution

Apply the most up-to-date patches for your respective Linux distribution(s) to best protect against attackers looking to exploit this vulnerability. Contact Mutare if you need assistance.
