English (US) 日本語
Submit a request

Technical question Licensing question
Sign in

See more

CVE-2021-4034: polkit's pkexec utility vulnerability

Alex Davydov

Updated March 07, 2022 09:48

Plesk for Linux kb: technical

Applicable to:

Plesk for Linux

Situation

CVE-2021-4034 vulnerability was discovered in pkexec utility.

Impact

Local privilege escalation through polkit's pkexec utility.

Call to Action

Apply security patches from OS vendor:

Debian: CVE-2021-4034
Ubuntu: USN-5252-2
RedHat-based (CentOS, RHEL, CloudLinux, AlmaLinux etc): CVE-2021-4034

Comments

2 comments

Davide Manzi January 27, 2022 11:23

On Centos 7 seems to be just a mitigation. Is there a planning to have a fix thru yum? Thanks

0

Comment actions Permalink
Alex Davydov January 28, 2022 05:58

Davide Manzi Plesk does not ship polkit's pkexec utility. It is a pure system package that each Operating System like CentOS ships and manages itself. So taking into account that Plesk does not ship this package and it cannot be installed via Plesk, therefore there is no plan for any fix from Plesk side via system packager's manager like yum or apt. And that is why the Plesk KB article provides only a link to the system security patch which should be applied at your side with the assistance of a system administrator if needed.

0

Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request