c06fd4aa80
* Add "PwnKit Vulnerability" - LPE The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. * Add Credits to README.MD * pwnkit: Move to shorter directory name * pwnkit: Add compiled version * pwnkit: Copy built binaries instead of compiling * make it executable * add credits Co-authored-by: Marc <foxtrot@malloc.me> |
||
---|---|---|
.. | ||
CVE-2021-4034_files | ||
README.md | ||
payload.txt |
README.md
PwnKit Vulnerability - Local Privilege Escalation
- Title: PwnKit Vulnerability - Local Privilege Escalation
- Author: TW-D
- Version: 1.0
- Target: Linux
- Category: Execution
- Credits: Qualys Research Team
Description
The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration.
PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
Configuration
From "payload.txt" change the values of the following constant :
######## INITIALIZATION ########
readonly BB_LABEL="BashBunny"