perfsonar-user - RE: [perfsonar-user] CVE-2021-4034

Subject: perfSONAR User Q&A and Other Discussion

List archive

RE: [perfsonar-user] CVE-2021-4034

From: Brian Tehan <>
To: "D'Angelo, Cas" <>, "" <>
Subject: RE: [perfsonar-user] CVE-2021-4034
Date: Wed, 26 Jan 2022 22:19:40 +0000
Arc-authentication-results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nr6JiNpwy6nWvfmBXH2E9wZ6zxChW9WuWU7Z0FU4J3A=; b=CMztYJ6CPNOqJ8f2OfIZRUwP3iEiCmsdJuUksriHMfHvaFraVIUNLPInyVBlfGCjfNQoVDw3L1mzfpgrpIfh5mR4Hdhp2Cp3CcKxj61PdRGWU8Cb47X1LQAZg4Rl/87Wp5fW3+dxnkpSr/D37vDotGuLSCihgFrJ+OYjTxtttk+172RgnN+osIVmphr2xpmHfBdGeXx79wyEuyuWRoci+n69gPfX8IDdhMm9t+tqueybiX8vMoxbhyUXy3VB5l3OdIW1vTAVea4vwbv3TB2YCO/Y5c8tO1q1V7capLf2npT/UFgKxNINAHYIRwCFic2Zsoyg7P9/zBBhnZ2ziMQGxQ==
Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bylVsh1H4jCpM9RPJp9dtqfvGNSZanaMuvlrBy2E/XduRir2Z0ROXh5Hy7DNDCXIIEZXtWce9kicqEUK218YJU6b4ZilSCc4UbzVzsPy3d1CSrU6tdkyzQMNQlDBAbMIcyuc9k2c5MGjYq0Lxhb8U/aJoATiYFcLwZ8+dd5g6NNEw6OW+EhNBOjRqKA+fWhJWuCRawqaJOwqO21GnCF+nR33GUksgCEPjopD1zAadsNUwsSBqa89HqYjCa6k/q/L+WaL9I2YZmL4hA/WNsB+28xdRKqmuiF3GuCBUu726tK4Z4/Hc07m+QWB/jEXR39kEgcaGw8ZUqQDg6z7sIKTdA==

Perfect, thanks Cas.

Brian Tehan

Regional Network Engineer

University of Nebraska System

EAB009F 6001 Dodge St

Omaha, NE 68182-0051

Office: (402) 554-6428

university of nebraska logo lockup with campuses

From: D'Angelo, Cas <>
Sent: Wednesday, January 26, 2022 3:53 PM
To: ; Brian Tehan <>
Subject: Re: CVE-2021-4034

Non-NU Email

It looks like CentOS dropped a patched version of polkit today.

$ rpm -qa | grep polkit
polkit-0.112-26.el7_9.1.x86_64

If the version reported isn't at least polkit-0.112-26.el7_9.1 then run

$ sudo yum -y upgrade

https://forums.centos.org/viewtopic.php?f=51&p=330616
https://access.redhat.com/errata/RHSA-2022:0274#packages

photo-logo

Cas D'Angelo

AVP & Chief Operating Officer OIT

Georgia Tech

p: 404-894-1356

w: oit.gatech.edu

From: <> on behalf of Brian Tehan <>
Sent: Wednesday, January 26, 2022 4:36 PM
To: <>
Subject: [perfsonar-user] CVE-2021-4034

https://arstechnica.com/information-technology/2022/01/a-bug-lurking-for-12-years-gives-attackers-root-on-every-major-linux-distro/

https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt

$ systemctl list-unit-files | grep polkit

polkit.service static

Perfsonar Team,

I ran across the above article and found the service installed on our perfSONAR Toolkit machines. Are toolkit installations vulnerable to this attack? If so, should we implement the mitigation that Qualys suggests (# chmod 0755 /usr/bin/pkexec)?

Thanks.