Ubuntu Patch for CVE-2021-4034

Last Reviewed: 08-27-2023 08:18 PM
Audited By: JayGolf

Your Expedition VM might be vulnerable to CVE-2021-4034. Background on the vulnerability:

 

Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).

For detailed information, refer to: https://ubuntu.com/security/cve-2021-4034

To patch your Ubuntu system, follow the steps below:

 

1. Add the line below to /etc/apt/sources.list:

deb http://security.ubuntu.com/ubuntu focal-security main 

2. Run the commands below to update the policykit-1 package:

$ sudo apt-get update
$ sudo apt-get install policykit-1

3. Verify that the policykit-1 package has been updated to version 0.105-26ubuntu1.2, as shown in the screenshot below:

 

Screen Shot 2022-01-28 at 9.55.32 AM.png

 

Those who can't patch immediately should use the command below to remove the SUID bit from pkexec:

 

$ sudo chmod 0755 /usr/bin/pkexec
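To confirm which state a host is in after following the steps above, the script below checks both the installed policykit-1 version and the SUID bit on pkexec. It is an added example, not part of the original article; the function names are illustrative, and the fixed version is the focal value quoted in step 3.

```shell
#!/bin/sh
# Added example: audit a host against the two checks described in this article.
# FIXED_VERSION is the focal-security version quoted in step 3; other Ubuntu
# releases carry different fixed versions and are not covered here.
FIXED_VERSION="0.105-26ubuntu1.2"

# Succeeds if version string $1 is at or above FIXED_VERSION.
version_is_patched() {
    [ -n "$1" ] || return 1
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$FIXED_VERSION"
    else
        # Fallback when dpkg is absent: GNU sort -V, which only
        # approximates Debian version ordering.
        lowest=$(printf '%s\n%s\n' "$1" "$FIXED_VERSION" | sort -V | head -n 1)
        [ "$lowest" = "$FIXED_VERSION" ]
    fi
}

# Succeeds if file $1 exists and still carries the set-user-ID bit.
has_suid() {
    [ -u "$1" ]
}

# Prints PATCHED, MITIGATED or VULNERABLE for a version string ($1)
# and a pkexec path ($2).
assess() {
    if version_is_patched "$1"; then
        echo PATCHED
    elif has_suid "$2"; then
        echo VULNERABLE
    else
        echo MITIGATED
    fi
}

# Installed policykit-1 version, or an empty string if it is not installed.
installed_version() {
    dpkg-query -W -f='${Version}' policykit-1 2>/dev/null
}

# An empty version falls through to the SUID check on pkexec.
assess "$(installed_version)" /usr/bin/pkexec
```

MITIGATED means the SUID bit has been removed but the package is still below the fixed version, so the update in steps 1 to 3 is still outstanding.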

 

Last Updated: 01-28-2022 10:06 AM