Exploit for Out-of-bounds Write in Polkit Project Polkit CVE-2021-4034

Name: Exploit for Out-of-bounds Write in Polkit Project Polkit CVE-2021-4034
Rating: 5 (77 reviews)

2023-01-24 | CVSS 7.2

## https://sploitus.com/exploit?id=D4177D76-F32E-59C8-BDDB-105E9ADA8A3C
# CVE-2021-4034

This is a PoC for PwnKit __*Local Privilege Escalation Vulnerability*__ 
that was discovered by [Qualys Security Team](https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034).

>The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution.

#### Proof Of Concept

*The following image is used to show the payload in action in a debian based operating system*

![poc.png](https://i.imgur.com/V5I8SBf.png)

#### Usage

- Included in this repository are 2 versions of the exploit, one is self-contained and can work against every vulnerable linux machine and the other requires gcc installed on the vulnerable linux computer. The recommended is the self-contained exploit since its fast and does not require any dependencies. I have included both the exploits for learning purposes.