
need a bit more info about cve-2021-4034 [CLOSED]

berdav commented on August 24, 2024
need a bit more info

from cve-2021-4034.

Comments (5)

berdav commented on August 24, 2024 · 2

Hi, as detailed in #15, the new polkit versions set the GIO_USE_VFS global variable to the value local.

This value will break the loading of a library from a custom location, such as the one used in the exploit.

Sources:
https://docs.gtk.org/gio/overview.html

https://bugs.freedesktop.org/show_bug.cgi?id=95487


berdav commented on August 24, 2024 · 1

Thank you!

I've added an example to the Readme with the shell and the output when patched.


hetzbh commented on August 24, 2024

Yeah, I just checked it on Fedora 34 (Raspberry Pi) and Rocky Linux 8.5. Neither has updated polkit packages installed.
In both cases there is a message in the journal, but no root.

]$ ./cve-2021-4034
GLib: Cannot convert message: Could not open converter from “UTF-8” to “PWNKIT”
The value for the SHELL variable was not found the /etc/shells file

This incident has been reported.
[hetz@containers CVE-2021-4034]$ rpm -qi polkit
Name        : polkit
Version     : 0.117
Release     : 3.fc34.1
Architecture: aarch64
Install Date: Mon 14 Jun 2021 06:41:47 PM IDT
Group       : Unspecified
Size        : 662769
License     : LGPLv2+
Signature   : RSA/SHA256, Thu 03 Jun 2021 03:44:20 PM IDT, Key ID 1161ae6945719a39
Source RPM  : polkit-0.117-3.fc34.1.src.rpm
Build Date  : Thu 03 Jun 2021 03:28:08 PM IDT
Build Host  : buildvm-a64-32.iad2.fedoraproject.org
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : http://www.freedesktop.org/wiki/Software/polkit
Bug URL     : https://bugz.fedoraproject.org/polkit
Summary     : An authorization framework
Description :
polkit is a toolkit for defining and handling authorizations.  It is
used for allowing unprivileged processes to speak to privileged
processes.


chron0 commented on August 24, 2024

Same on Gentoo...


kenshin33 commented on August 24, 2024

Sorry for the necromancing:
I had almost the same code; it worked fine on Debian but not on Gentoo.
Traced it to the fact that getenv("GCONV_PATH") returns NULL in spite of __environ[0] == "GCONV_PATH=./asdasd".
(The *ep pointer in glibc's getenv.c points to the value set by execve in spite of the fact that at the start of the loop ep is set to __environ, or at least my limited knowledge of gdb yielded that.)

The fix I stole from here: setting GIO_USE_VFS= before execve'ing pkexec. Why?!?!

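Editor's added example, not code from the cve-2021-4034 repository or from any commenter: a small C program that reproduces the environment-pointer behaviour behind both berdav's GIO_USE_VFS remark earlier in the thread and kenshin33's observation that getenv("GCONV_PATH") returns NULL while the original array still holds a GCONV_PATH entry. It assumes glibc/musl setenv() semantics as I understand them: setenv() of a name that is not yet present copies the pointer array to a fresh heap allocation and repoints environ at the copy, whereas setenv() of a name that already exists replaces that one entry in place. It also assumes, as the thread's observations suggest, that pkexec's g_setenv("GIO_USE_VFS", "local", TRUE) runs before the out-of-bounds argv[1] write that lands in envp[0]. The environment array is constructed for the demo; no pkexec is executed.

```c
/* environ_detach.c: added example for this thread (not the repository's code).
 * Shows how one setenv() call decides whether a later write into the original
 * envp array is visible to getenv().  Assumed glibc/musl semantics:
 *   - setenv() of a NEW name copies the pointer array to the heap and repoints
 *     environ at the copy;
 *   - setenv() of an EXISTING name replaces that entry in place.
 * The environment below is constructed for the demo; nothing is executed.
 * Build: cc -Wall -o environ_detach environ_detach.c */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

extern char **environ;

/* One scenario.  preset != 0 means "GIO_USE_VFS=" is already present in the
 * incoming environment (what kenshin33 describes adding before execve).
 * Returns 1 if getenv("GCONV_PATH") sees the value later written into slot 0
 * of the original array, 0 if it does not. */
int gconv_path_visible(int preset)
{
    /* Constructed array with the same shape as the one the thread discusses:
     * slot 0 is what pkexec, invoked with argc == 0, reads as argv[1]. */
    char *envp[6];
    int n = 0;
    envp[n++] = "pwnkit";
    envp[n++] = "PATH=GCONV_PATH=.";
    envp[n++] = "CHARSET=PWNKIT";
    envp[n++] = "SHELL=pwnkit";
    if (preset)
        envp[n++] = "GIO_USE_VFS=";
    envp[n] = NULL;

    char **saved = environ;           /* restored below so the caller is unaffected */
    environ = envp;

    /* Step 1: the early g_setenv("GIO_USE_VFS", "local", TRUE) in pkexec,
     * reduced to the libc call it ends up making. */
    setenv("GIO_USE_VFS", "local", 1);
    int detached = (environ != envp); /* did setenv() repoint environ at a heap copy? */

    /* Step 2: the out-of-bounds argv[1] = s write.  With argc == 0, argv[1] is
     * envp[0] of the ORIGINAL array, wherever environ now points. */
    envp[0] = "GCONV_PATH=./pwnkit";

    /* Step 3: what iconv's getenv("GCONV_PATH") lookup would see. */
    const char *seen = getenv("GCONV_PATH");
    int visible = (seen != NULL && strcmp(seen, "./pwnkit") == 0);

    printf("GIO_USE_VFS pre-set: %-3s  environ detached: %-3s  getenv(\"GCONV_PATH\"): %s\n",
           preset ? "yes" : "no", detached ? "yes" : "no", seen ? seen : "(null)");

    environ = saved;
    return visible;
}

int main(void)
{
    gconv_path_visible(0);   /* returns 0: environ detached, GCONV_PATH not seen */
    gconv_path_visible(1);   /* returns 1: in-place replace, GCONV_PATH seen     */
    return 0;
}
```

Without GIO_USE_VFS pre-set, setenv() detaches environ from the array pkexec's argv points into, so the GCONV_PATH entry written there is never seen by getenv(); CHARSET=PWNKIT is still in the copied array, which is consistent with the "Could not open converter from UTF-8 to PWNKIT" line hetzbh posted. With GIO_USE_VFS= already present, setenv() replaces that entry in place, environ keeps pointing at the original array, and the written entry is visible. That is the reason a plain GIO_USE_VFS= in the environment before execve() makes the difference kenshin33 asks about.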
