Ubuntu Patch for CVE-2021-4034

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Audit
Last Reviewed: 08-27-2023 08:18 PM
Audited By: JayGolf
L6 Presenter
No ratings

Your Expedition VM might be vulnerable to the CVE-2021-4034, here is the Info regarding the vulnerability:

 

Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).

Please refer to the website for detail info : https://ubuntu.com/security/cve-2021-4034

To Patch your Ubuntu system, please follow below steps:

 

1. Adding below line to the /etc/apt/sources.list :

deb http://security.ubuntu.com/ubuntu focal-security main 

2. Run below commands to update the policy-1 package:

$sudo apt-get update
$sudo apt-get install policykit-1

3. Verify the policykit-1 package has been updated to v. 0.105-26ubuntu1.2 as shown in below screen:

 

Screen Shot 2022-01-28 at 9.55.32 AM.png

 

Those who can’t patch immediately should use below command to remove the SUID-bit from pkexec:

 

$chmod 0755 /usr/bin/pkexec

 

Rate this article:
  • 6957 Views
  • 0 comments
  • 0 Likes
Register or Sign-in
Contributors
Article Dashboard
Version history
Last Updated:
‎01-28-2022 10:06 AM
Updated by: