Polkit pkexec Local Privilege Escalation
Posted by deepcore on March 4, 2022 – 6:21 pm
This is a Metasploit module for the argument processing bug in the polkit pkexec binary. If the binary is invoked with no arguments at all, it continues to process environment variables as if they were arguments, but without any security checking. By using the execve call we can specify a null argument list and populate the proper environment variables. This exploit is architecture independent.
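The bug class described above, shown from the defender's side as an added example (not code from the Metasploit module or from polkit): a constructed model of the argument/environment vector for an empty argument list, parsed once by an unguarded option loop and once with an argc check. The function names and sample strings are hypothetical; the layout (argv pointers, NULL, then envp pointers) is the Linux process start-up convention.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model of what a new process receives when the argument list
 * is empty: slot 0 is already the argv terminator (argc == 0) and the
 * environment pointers follow directly after it. */
static char *empty_argv_image[] = {
    NULL,                 /* argv[0] == argv[argc]          */
    "EXAMPLE_VAR=value",  /* envp[0], constructed sample    */
    NULL                  /* envp terminator                */
};

/* Constructed normal invocation for comparison. */
static char *normal_argv[] = { "prog", "--opt", "target", NULL };

/* Unguarded pattern: assumes argv[0] exists and scans from index 1.
 * With argc == 0 the loop never runs, n stays 1, and argv[1] is envp[0]. */
static const char *program_arg_unguarded(int argc, char **argv)
{
    int n;
    for (n = 1; n < argc; n++)
        if (argv[n][0] != '-')
            break;              /* first non-option is the program to run */
    return argv[n];
}

/* Guarded pattern: refuse an empty argument list before any parsing,
 * and never index at or past argc. */
static const char *program_arg_guarded(int argc, char **argv)
{
    int n;
    if (argc < 1 || argv == NULL || argv[0] == NULL)
        return NULL;            /* caller should log and exit */
    for (n = 1; n < argc; n++)
        if (argv[n][0] != '-')
            break;
    return n < argc ? argv[n] : NULL;
}

int main(void)
{
    const char *g = program_arg_guarded(0, empty_argv_image);
    printf("unguarded: %s\n", program_arg_unguarded(0, empty_argv_image));
    printf("guarded:   %s\n", g ? g : "(rejected)");
    return 0;
}
```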