JoaoFukuda/CVE-2021-4034_POC

Proof Of Concept for the 2021's pkexec vulnerability CVE-2021-4034

CVE-2021-4034 - Proof Of Concept

This POC exploits GLib's g_printerr to leverage code execution through the injection of the GCONV_PATH environmental variable.

Running the exploit

Make a tarball file of the exploit:

make tar

Then somehow transfer the generated tar to the target machine, compile, and run the vulnerability:

make
./poc

The exploit will try to execute a /bin/sh as root.

Further reading

• The blog post this exploit was based on
• An article to better understand the theory behind the attack