Bug 29954 - pkexec leads to root rights, see CVE-2021-4034
Summary: pkexec leads to root rights, see CVE-2021-4034
Status: RESOLVED DUPLICATE of bug 29944
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: Mageia Bug Squad
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-01-28 09:53 CET by Markus Robert Keßler
Modified: 2022-01-28 21:26 CET (History)
1 user (show)

See Also:
Source RPM: polkit-0.116-1.1.mga7.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Markus Robert Keßler 2022-01-28 09:53:01 CET 
Description of problem:

pkexec leads to root rights, see CVE-2021-4034


Version-Release number of selected component (if applicable):

Applies to MGA7x64, but most probably all other versions also affected



Steps to Reproduce:

cd /tmp
git clone https://github.com/berdav/CVE-2021-4034
cd CVE-2021-4034
make
./cve-2021-4034
id


Workaround before patch:

chmod u-s /usr/bin/pkexec
Comment 1 sturmvogel 2022-01-28 10:02:21 CET 
Duplicate of Bug 29944 

It's already fixed.

Mageia 7 is EOL since june 2021. Invalid!
Comment 2 Markus Robert Keßler 2022-01-28 10:27:06 CET 
Are you kidding? -- Everyone not having had the time yet to completely re-install everything is being left alone with this severe bug?
Hard to believe.

Please think twice
Comment 3 Dave Hodgins 2022-01-28 18:28:48 CET 
This is 7 months since Mageia 7 reached end of support and there is a simple
work around. As root run "chmod 0755 /usr/bin/pkexec".
 
That will mean pkexec doesn't work anymore. Running things like rpmdrake as a
regular user will not work. You must use an alternative approach to get root
privileges (open a terminal, use "su -" and then run rpmdrake or use sudo rpmdrake if you've configured sudo).

CC: (none) => davidwhodgins

Comment 4 Lewis Smith 2022-01-28 20:55:59 CET 
(In reply to Markus Robert Keßler from comment #2)
> Are you kidding? -- Everyone not having had the time yet to completely
> re-install everything is being left alone with this severe bug?
This is unfair given that it has been adreseed in Mageia 8.
If you want to roll forward your current M7 installation to M8, then Upgrade it. No need to re-install everything.

(In reply to sturmvogel from comment #1)
> Duplicate of Bug 29944 
> It's already fixed.
> Mageia 7 is EOL since june 2021. Invalid!
Thank you for spotting the duplicate. Closing as 'duplicate' rather than 'invalid', even though the latter is more correct in the circumstances.

*** This bug has been marked as a duplicate of bug 29944 ***

Version: 7 => 8
Resolution: (none) => DUPLICATE
Status: NEW => RESOLVED

Comment 5 Markus Robert Keßler 2022-01-28 21:26:06 CET 
Resolved NOW:

https://www.dipl-ing-kessler.de/developer/test/linux-src/mageia7/polkit

I found out that the patch from Redhat works with the original source, so, I created an updated package based on that.

All those who are running MGA7-x64 are invited to get it from there.

Markus
Note You need to log in before you can comment on or make changes to this bug.