Security Advisory - Polkit Vulnerability (CVE-2021-4034)

First published on January 28, 2022

What is Polkit?

Polkit is a toolkit for defining and handling authorizations.

What is the vulnerability?

A vulnerability impacting many Linux systems has been identified in polkit. This vulnerability can be exploited to allow unauthorized actions.

Here is a link to an article describing the vulnerability:

This vulnerability can only be exploited by a malicious user who logs in to the Enterprise File Fabric™ server virtual machine using ssh or some other similar method of login.

Note that only Linux system administrators would normally have authority for ssh access to the File Fabric, and that File Fabric users working through the File Fabric’s web interface or its desktop or mobile tools cannot exploit this vulnerability.

What steps should I take?

On-Premises (Customer-Managed) File Fabrics

This update will not require downtime or reboot. Users using the system will not be affected.

To apply the update, ssh into the File Fabric host and su to root. Then execute both of these commands:

yum clean all
yum update polkit

You should see:

  polkit.x86_64 0:0.112-26.el7_9.1

Note: For an HA setup these commands will have to be run on each node.
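One way to confirm the result on a single host or on every HA node, as an added example that is not part of the original advisory or of Storage Made Easy's tooling. It assumes GNU sort (for -V) and, for remote nodes, working ssh access; the function names and node names are hypothetical.

```shell
#!/bin/sh
# Added example: confirm polkit is at or above the build shown in this advisory.
FIXED_BUILD="0.112-26.el7_9.1"   # version-release from the advisory's expected output

# True when build $1 sorts at or above build $2. Uses GNU `sort -V`, which
# approximates (but is not) rpm's own version comparison.
build_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Classify one version-release string.
polkit_status() {
    case "$1" in
        ''|*' '*) echo "unknown"; return 0 ;;   # empty, or an rpm error message
    esac
    if build_ge "$1" "$FIXED_BUILD"; then echo "patched"; else echo "needs-update"; fi
}

# Query the installed build locally ("local") or on a node over ssh.
installed_build() {
    q="rpm -q --qf '%{VERSION}-%{RELEASE}\n' polkit"
    if [ "$1" = "local" ]; then sh -c "$q"; else ssh "$1" "$q"; fi
}

# Report every node; return non-zero if any node is not patched.
check_nodes() {
    rc=0
    for node in "$@"; do
        build=$(installed_build "$node" 2>/dev/null | head -n 1)
        status=$(polkit_status "$build")
        printf '%s\t%s\t%s\n' "$node" "${build:-?}" "$status"
        [ "$status" = "patched" ] || rc=1
    done
    return "$rc"
}

# Usage: sh check_polkit.sh local            (single host)
#        sh check_polkit.sh node1 node2      (HA setup; node names are placeholders)
if [ "$#" -gt 0 ]; then check_nodes "$@"; fi
```

A non-zero exit status means at least one node still reports a build below the fixed one or could not be queried.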

This update will also be included in the next released build of the File Fabric Appliance and is included in File Fabric upgrades as of January 28, 2022.

File Fabrics Managed by Storage Made Easy

If Storage Made Easy manages your File Fabric then you need not take any action. Storage Made Easy has already applied the update.

If You Need Help

If you have any questions about the vulnerability or the procedure for resolving it, please contact us at