The SKUDONET Team is glad to announce that Enterprise Appliances (in all their platforms Virtual, Baremetal, Hardware or Cloud) are not affected by the 12 year vulnerability found in Linux systems called PwnKit that permits a local privilege escalation discovered in polkit’s pkexec and registered as CVE-2021-4034. SKUDONET Community Edition is also not affected by this vulnerability as the vulnerable package PolicyKit is not installed in SKUDONET systems by default.
In order to ensure that your system does not include the vulnerable package, please execute the following command and it should not return any data:
root~$ dpkg -l | grep policykit
Nevertheless, please confirm with our Support Team in order to ensure that your system doesn’t have it included as a custom feature.
Please refer to the following link for furhter information about this vulnerability.
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
