How to mitigate Polkit Privilege Escalation - PWNKIT (CVE-2021-4034) on RedHat-like systems - Ansible playbook mitigation
How to automate the mitigation of Polkit Privilege Escalation - PWNKIT (CVE-2021-4034) on RedHat-like systems using Ansible Playbook 1.0 published in RHSB-2022-001. Line-by-line commentary and a live demo on a vulnerable Red Hat Enterprise Linux 8.5 host.

January 27, 2022

#ansible
#polkit
#pwnkit
#module
#linux
#security
#devsecops
#rhel
#centos
#fedora
#ubuntu
#debian
#suse
What is Polkit Privilege Escalation - (CVE-2021–4034)?
- “A memory corruption vulnerability in Polkit’s pkexec, which allows any unprivileged user to gain full root privileges on a vulnerable system using the default polkit configuration” cit. Bharat Jogi, qualys.com
Links
- In-depth analysis by Bharat Jogi, qualys.com
- Red Hat CVE-2021-4034
- Red Hat RHSB-2022-001 Ansible Playbook 1.0
The Best Resources For Ansible
Video Course
Printed Book
eBooks
- Ansible by Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
- Ansible For Windows By Examples: 50+ Automation Examples For Windows System Administrator And DevOps
- Ansible For Linux by Examples: 100+ Automation Examples For Linux System Administrator and DevOps
- Ansible Linux Filesystem By Examples: 40+ Automation Examples on Linux File and Directory Operation for Modern IT Infrastructure
- Ansible For Containers and Kubernetes By Examples: 20+ Automation Examples To Automate Containers, Kubernetes and OpenShift
- Ansible For Security by Examples: 100+ Automation Examples to Automate Security and Verify Compliance for IT Modern Infrastructure
- Ansible Tips and Tricks: 10+ Ansible Examples to Save Time and Automate More Tasks
- Ansible Linux Users & Groups By Examples: 20+ Automation Examples on Linux Users and Groups Operation for Modern IT Infrastructure
- Ansible For PostgreSQL by Examples: 10+ Examples To Automate Your PostgreSQL database
- Ansible For Amazon Web Services AWS By Examples: 10+ Examples To Automate Your AWS Modern Infrastructure
- Ansible Automation Platform By Example: A step-by-step guide for the most common user scenarios
demo
How to mitigate Polkit Privilege Escalation - PWNKIT (CVE-2021-4034) on RedHat-like systems using the Ansible Playbook downloaded from RHSB-2022-001.
code
Code downloaded from Red Hat RHSB-2022-001 Ansible Playbook 1.0.
execution
ansible-pilot $ ansible-playbook -i virtualmachines/demo/inventory -e "HOSTS=demo.example.com" cve-2021-4034/cve-2021-4034_stap_mitigate--2022-01-25-0936.yml
PLAY [Block pkexec with empty first argument with systemtap] **************************************
TASK [Gathering Facts] ****************************************************************************
ok: [demo.example.com]
TASK [Install systemtap packages] *****************************************************************
changed: [demo.example.com]
TASK [(RHEL 7) Install kernel debuginfo] **********************************************************
skipping: [demo.example.com]
TASK [(RHEL 6/8) Install polkit debuginfo] ********************************************************
changed: [demo.example.com]
TASK [(RHEL 6) Install libselinux-python] *********************************************************
skipping: [demo.example.com]
TASK [Create systemtap script] ********************************************************************
changed: [demo.example.com]
TASK [Checking if stap_pkexec_block module is already loaded] *************************************
ok: [demo.example.com]
TASK [Install systemtap script] *******************************************************************
changed: [demo.example.com]
PLAY RECAP ****************************************************************************************
demo.example.com : ok=6 changed=4 unreachable=0 failed=0 skipped=2 rescued=0 ignored=0
ansible-pilot $
before execution
ansible-pilot $ ssh devops@demo.example.com
Last login: Thu Jan 27 21:28:44 2022 from 192.168.0.102
[devops@demo ~]$ sudo su
[root@demo devops]# cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="8.5 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.5 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/red_hat_enterprise_linux/8/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.5
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.5"
[root@demo devops]# lsmod | grep stap_pkexec_block
[root@demo devops]# exit
exit
[devops@demo ~]$
after execution
ansible-pilot $ ssh devops@demo.example.com
Last login: Thu Jan 27 21:34:11 2022 from 192.168.0.102
[devops@demo ~]$ sudo su
[root@demo devops]# lsmod | grep stap_pkexec_block
stap_pkexec_block 434176 0
[root@demo devops]# ls -al /root/
total 32
dr-xr-x---. 4 root root 210 Jan 27 21:35 .
dr-xr-xr-x. 17 root root 224 Dec 3 15:29 ..
-rw-------. 1 root root 789 Jan 27 21:30 .bash_history
-rw-r--r--. 1 root root 18 Aug 12 2018 .bash_logout
-rw-r--r--. 1 root root 176 Aug 12 2018 .bash_profile
-rw-r--r--. 1 root root 176 Aug 12 2018 .bashrc
-rw-r--r--. 1 root root 100 Aug 12 2018 .cshrc
drwx------. 2 root root 44 Jan 24 16:09 .gnupg
drwxr-xr-x. 3 root root 19 Jan 27 21:34 .systemtap
-rw-r--r--. 1 root root 129 Aug 12 2018 .tcshrc
-rw-------. 1 root root 923 Jan 24 17:37 .viminfo
-rw-r--r--. 1 root root 0 Jan 27 21:35 pkexec-block.log.0
-rw-------. 1 root root 97 Jan 27 21:34 pkexec-block.stp
[root@demo devops]# ls -al /root/pkexec-block.*
-rw-r--r--. 1 root root 0 Jan 27 21:35 /root/pkexec-block.log.0
-rw-------. 1 root root 97 Jan 27 21:34 /root/pkexec-block.stp
[root@demo devops]#
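The before/after check above only looks for the stap_pkexec_block row in lsmod. Below is an added example of my own (not code from the original post and not part of the RHSB-2022-001 playbook): a small POSIX shell check that reports mitigated when the systemtap module is loaded, patched when the installed polkit package changelog references CVE-2021-4034 (the permanent fix from the updated package), and vulnerable otherwise. It can be run by hand after the playbook or wrapped in an Ansible command task. The function names, the three-state output and the sample lsmod text are my assumptions; the sample text is constructed to mirror the listing shown in this post.

```shell
#!/bin/sh
# Added example, not from the original post or the Red Hat playbook.
# Post-run check for the PwnKit mitigation on a RHEL-like host.
# States reported:
#   mitigated  - stap_pkexec_block systemtap module is loaded (interim workaround)
#   patched    - installed polkit package changelog references CVE-2021-4034
#   vulnerable - neither signal is present
# Each check reads its evidence from stdin so it can be exercised with
# constructed input; collect_status runs the real commands when they exist.

# Return 0 if an lsmod listing (on stdin) contains the stap_pkexec_block row.
stap_module_loaded() {
    awk 'BEGIN { found = 0 }
         $1 == "stap_pkexec_block" { found = 1 }
         END { exit found ? 0 : 1 }'
}

# Return 0 if an rpm changelog (on stdin) mentions the CVE, i.e. the fixed
# polkit package is installed (Red Hat changelog entries carry the CVE id).
polkit_changelog_fixed() {
    grep -q 'CVE-2021-4034'
}

# Combine both signals: print the state, return 1 only when the host looks vulnerable.
# Arguments: $1 = lsmod text, $2 = rpm changelog text.
pkexec_status() {
    lsmod_text=$1
    changelog_text=$2
    if printf '%s\n' "$lsmod_text" | stap_module_loaded; then
        echo mitigated
    elif printf '%s\n' "$changelog_text" | polkit_changelog_fixed; then
        echo patched
    else
        echo vulnerable
        return 1
    fi
}

# Gather live evidence; empty strings when the tools are absent
# (for example on a non-RHEL lab box), which yields "vulnerable".
collect_status() {
    live_lsmod=$(lsmod 2>/dev/null || true)
    live_changelog=$(rpm -q --changelog polkit 2>/dev/null || true)
    pkexec_status "$live_lsmod" "$live_changelog"
}

# Constructed sample input (assumption) mirroring the post's before/after lsmod output.
SAMPLE_LSMOD_AFTER='Module                  Size  Used by
stap_pkexec_block     434176  0
xfs                  1515520  1'
SAMPLE_LSMOD_BEFORE='Module                  Size  Used by
xfs                  1515520  1'

# Run against the real host only when asked, so the file is safe to source.
if [ "${1:-}" = "--live" ]; then
    collect_status
fi
```

Run it as sh pkexec_check.sh --live on the managed host; in an Ansible play the same logic fits a command task whose rc is checked with failed_when. Note that the module check only proves the workaround is active right now, while the changelog check proves the fixed package is installed.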
Recap
Now you know how to mitigate the Polkit Privilege Escalation - PWNKIT (CVE-2021-4034) on RedHat-like systems using Ansible Playbook 1.0 published in RHSB-2022-001. Keep in mind that the systemtap module is Red Hat's interim workaround for hosts that cannot yet install the fixed polkit package: verify it is loaded with lsmod, as shown above, and install the updated polkit package as the permanent fix.
Subscribe to the YouTube channel, Medium, Website, Twitter, and Substack to not miss the next episode of the Ansible Pilot.Academy
Learn the Ansible automation technology with some real-life examples in my book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
Donate
Want to keep this project going? Please donate