Is AWS Linux / Linux 2 vulnerable to CVE-2021-4034?

2

I noticed that our AWS Linux installations do not have 'pkexec', does it mean that they are not vulnerable? if it is anyway (e.g. pkexec could have been renamed).. appreciate mitigation procedures. thanks

主题

标签

语言

English

已提问 2 年前577 查看次数

1 回答

最新
投票最多
评论最多

1

I have not been able to confirm the use of pkexec in Amazon Linux AMIs.

But here is a mitigation: A temporary mitigation for operating systems that have yet to push a patch is to strip pkexec of the read/write rights with the following command: chmod 0755 /usr/bin/pkexec

Source: https://www.bleepingcomputer.com/news/security/linux-system-service-bug-gives-root-on-all-major-distros-exploit-released/

已回答 2 年前

相关内容

AWS Linux AMI中缺少Crontab
专家
rePost Polyglot
已提问 5 个月前
The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access (Query Id: b2c74c7e-21ed-4375-8712-cd1579eab9a7)
专家
rePost Polyglot
已提问 5 个月前
Linux 虚拟机访问控制台
专家
rePost Polyglot
已提问 5 个月前
连接Lambda VPC与DocumentDb时出现错误信息：The provided execution role does not have permissions to call CreateNetworkInterface on EC2
专家
rePost Polyglot
已提问 5 个月前
我从 Amazon S3 桶下载或复制对象时，为什么会出现错误“The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access”（加密文字指的是不存在、此区域不存在或者您无权访问的客户主密钥）？
AWS 官方已更新 1 年前
如何以文本模式记录我的 Linux 终端会话并在稍后共享或重放呢？
AWS 官方已更新 8 个月前
为什么我在 EC2 Linux 实例的屏幕截图和系统日志中看到“审计：超出积压限制”错误，我该如何避免这种情况？
AWS 官方已更新 4 年前
为什么在运行 Amazon Linux 1、Amazon Linux 2 或 Amazon Linux 2023 的 EC2 实例上使用 yum 时收到错误？
AWS 官方已更新 10 个月前