目 录
一、漏洞基本情况。
Linux Polkit 中的 pkexec 组件存在的本地权限提升漏洞(CVE-2021-4034),pkexec应用程序为 Linux 系统预装工具,漏洞影响Ubuntu、Debian、Fedora、CentOS等主流 Linux发行版。攻击者可以通过修改环境变量,从而诱导 pkexec 执行任意代码,利用成功可导致非特权用户获得管理员权限。
二、 漏洞影响范围
由于 polkit 为系统预装工具,目前主流Linux版本均受影响。
三、安全版本
CentOS系列:
CentOS 6:polkit-0.96-11.el6_10.2/polkit-0.96-11.el6_10.1(aliyun镜像)
CentOS 7:polkit-0.112-26.el7_9.1
CentOS 8.0:polkit-0.115-13.el8_5.1
CentOS 8.2:polkit-0.115-11.el8_2.2
CentOS 8.4:polkit-0.115-11.el8_4.2
Ubuntu系列:
Ubuntu 20.04 LTS:policykit-1 - 0.105-26ubuntu1.2
Ubuntu 18.04 LTS:policykit-1 - 0.105-20ubuntu0.18.04.6
Ubuntu 16.04 ESM:policykit-1 - 0.105-14.1ubuntu0.5+esm1
Ubuntu 14.04 ESM:policykit-1 - 0.105-4ubuntu3.14.04.6+esm1
四、补救措施
1、yum方式更新
yum -y install polkit
如果不成功需要修改镜像源,有需要的可以看下,放到后面了。
2、rpm方式更新
cat /etc/redhat-release #查看服务器版本 rpm -qa | grep polkit # 检查服务器polkit版本 rpm -Uvh polkit-0.112-26.el7_9.1.x86_64.rpm
阿里巴巴开源镜像站-阿里云官网开发者社区_云计算社区polkit-0.96-11.el6_10.1 rpm地址: 阿里巴巴开源镜像站-阿里云官网开发者社区_云计算社区
polkit-0.112-26.el7_9.1 rpm地址: 阿里巴巴开源镜像站-阿里云官网开发者社区_云计算社区
五、yum 无法找到源
1、进入 CentOS-Base.repo目录
cd /etc/yum.repos.d
2、vim CentOS-Base.repo #修改前记得备份
#修改的镜像源 #CentOS-Base.repo # The mirror system uses the connecting IP address of the client and the # update status of each mirror to pick mirrors that are updated to and # geographically close to the client. You should use this for CentOS updates # unless you are manually picking other mirrors. # # If the mirrorlist= does not work for you, as a fall back you can try the # remarked out baseurl= line instead. [base] name=CentOS-6.10 - Base - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos-vault/6.10/os/$basearch/ gpgcheck=1 gpgkey=http://mirrors.aliyun.com/centos-vault/RPM-GPG-KEY-CentOS-6 #released updates [updates] name=CentOS-6.10 - Updates - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos-vault/6.10/updates/$basearch/ gpgcheck=1 gpgkey=http://mirrors.aliyun.com/centos-vault/RPM-GPG-KEY-CentOS-6 #additional packages that may be useful [extras] name=CentOS-6.10 - Extras - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos-vault/6.10/extras/$basearch/ gpgcheck=1 gpgkey=http://mirrors.aliyun.com/centos-vault/RPM-GPG-KEY-CentOS-6 #additional packages that extend functionality of existing packages [centosplus] name=CentOS-6.10 - Plus - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos-vault/6.10/centosplus/$basearch/ gpgcheck=1 enabled=0 gpgkey=http://mirrors.aliyun.com/centos-vault/RPM-GPG-KEY-CentOS-6 #contrib - packages by Centos Users [contrib] name=CentOS-6.10 - Contrib - mirrors.aliyun.com failovermethod=priority baseurl=http://mirrors.aliyun.com/centos-vault/6.10/contrib/$basearch/ gpgcheck=1 enabled=0 gpgkey=http://mirrors.aliyun.com/centos-vault/RPM-GPG-KEY-CentOS-6
3、清空yum缓存
yum clean all yum makecache
4、yum安装
yum -y install polkit
ps:第一次写文章,如果有帮助大佬们记得点赞哦~ 感谢。