There is a local privilege escalation vulnerability called "PwnKit" (CVE-2021-4034), where non-privileged Linux users can gain root access through polkit on Linux.
There is a yum update available for polkit to address this issue. We recommend that you patch your OS to mitigate your risk.
Background on PwnKit
CVE-2021-4034 made its appearance in late 2021 to early 2022. It affects most Linux systems. A non-privileged Linux user can gain root access by taking advantage of Policy Kit (Polkit), which is commonly found on most Linux distributions.
SFTP Gateway 2.x on Azure uses CentOS 8 for the OS. To determine your current version of polkit, run this command:
yum list installed polkit
You will see the following output:
polkit.x86_64 0.112-26.el7 @base
You can run yum update -y. Or, you can update polkit with:
yum install polkit
When you check the version of polkit, you should see 9.1 in the version number:
polkit.x86_64 0.112-26.el7_9.1 @updates
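To verify the result of the steps above, the check below classifies a line of yum list installed polkit output against the fixed build shown on this page. It is an added example, not part of the original article: the function names vercmp and polkit_status are hypothetical, the comparison is a simplified RPM-style ordering, and the fixed build applies only to the el7 package shown here.

```shell
#!/bin/sh
# Added example (not from the original article).
# Fixed build taken from the post-update output shown on this page.
FIXED_BUILD="0.112-26.el7_9.1"

# vercmp A B -> prints -1, 0 or 1.
# Simplified RPM-style comparison: split on non-alphanumerics, compare
# numeric segments as numbers and alphabetic segments as strings.
vercmp() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    while (a != "" || b != "") {
      sub(/^[^A-Za-z0-9]+/, "", a); sub(/^[^A-Za-z0-9]+/, "", b)
      if (a == "" || b == "") break
      num = (a ~ /^[0-9]/)
      re = num ? "^[0-9]+" : "^[A-Za-z]+"
      match(a, re); sa = substr(a, 1, RLENGTH); a = substr(a, RLENGTH + 1)
      if (!match(b, re)) {            # segment types differ: numeric wins
        if (num) print 1; else print -1
        exit
      }
      sb = substr(b, 1, RLENGTH); b = substr(b, RLENGTH + 1)
      if (num) { sa += 0; sb += 0 }
      if (sa < sb) { print -1; exit }
      if (sa > sb) { print 1; exit }
    }
    # All shared segments equal: the side with segments left over is newer.
    if (a == "" && b == "") print 0
    else if (a != "") print 1
    else print -1
  }'
}

# polkit_status LINE -> prints patched, vulnerable or unknown for one line
# of `yum list installed polkit` output (name.arch  version-release  repo).
polkit_status() {
  build=$(printf '%s\n' "$1" | awk '$1 ~ /^polkit\./ { print $2 }')
  [ -n "$build" ] || { echo "unknown"; return 2; }
  if [ "$(vercmp "$build" "$FIXED_BUILD")" -lt 0 ]; then
    echo "vulnerable"
  else
    echo "patched"
  fi
}

# The two output lines quoted on this page, before and after the update.
for line in "polkit.x86_64 0.112-26.el7 @base" \
            "polkit.x86_64 0.112-26.el7_9.1 @updates"; do
  printf '%s -> %s\n' "$line" "$(polkit_status "$line")"
done
```

On a live host, pass it the package line directly: polkit_status "$(yum list installed polkit | grep '^polkit\.')".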