The Qualys Research Team identified a memory corruption flaw in Polkit’s pkexec, a SUID-root tool that comes pre-installed on every major Linux distribution. By exploiting this easily exploited vulnerability (CVE-2021-4034) in its default configuration, any unprivileged user can gain full root privileges on a vulnerable host. Polkit (previously PolicyKit) is a Unix-like operating system … Continue reading “PwnKit: Polkit pkexec Local Privilege Escalation Vulnerability (CVE-2021-4034)”