Mutare Security Advisory
Advisory ID | MUTARE-2022-01 |
Severity | Info |
CVE | None |
Published Date | January 28, 2022 |
Revision Date | — |
Overview
PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034).
Affected Products/Versions
Mutare Voice Spam Filter, On-premise giSTT Appliance, Mutare Voice Call Completion, All Versions
Vulnerability Details
A vulnerability (CVE-2021-4034) in Polkit’s pkexec has been weaponized in the wild. This vulnerability is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system.
Workarounds
The simple fix is to run the following command as root:
chmod 0755 /usr/bin/pkexec
Solution
Apply the most up-to-date patches for your respective Linux distribution(s) to best protect against attackers looking to exploit this vulnerability. Contact Mutare if you need assistance.
References