Detecting and mitigating CVE-2021-4034: "Pwnkit" local privilege escalation
Blog post from Sysdig
CVE-2021-4034, also known as "Pwnkit," is a local privilege escalation vulnerability in 'pkexec', the setuid-root helper shipped with Polkit, and has been present since pkexec's first release in May 2009. It scores 7.8 (High) on the CVSSv3 scale. The flaw is a memory-safety bug in how pkexec handles its argument vector: if the program is executed with an empty argv (argc == 0, which execve() permits but which never happens when you simply type 'pkexec' with no options at a shell), argv[1] points past the terminating NULL into the environment block, so pkexec reads an environment variable where it believes its first argument lives and then writes a path back into that same slot. That out-of-bounds write lets an unprivileged user reintroduce an environment variable such as GCONV_PATH that the dynamic loader normally strips from setuid programs, and from there load attacker-controlled code as root. The vulnerability is not remotely exploitable, but any attacker who already has a local user shell can use it to gain root.

A temporary mitigation is to remove the setuid bit from pkexec. This also breaks legitimate uses of pkexec, such as desktop helpers that rely on it to elevate, until the bit is restored. Users should apply the security patches from their Linux distribution, which reinstall pkexec with the fix and the setuid bit in place. Checking the upstream version string alone is not a reliable test, because distributions backport the fix without changing that version.

Detection tools such as Falco can identify exploitation attempts by alerting on pkexec being spawned with an empty argument list and on the environment-variable manipulation the exploit depends on. OpenBSD is not affected because its kernel refuses to execve() a program with an empty argv. The discovery underscores how long-standing, widely deployed software can still harbor undiscovered vulnerabilities.
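As an added example that is not part of the Sysdig post or of the Polkit project, the following POSIX shell script audits a pkexec binary for the setuid-root configuration an unpatched pkexec needs to be exploitable, and applies or reverses the stop-gap mitigation described above. It assumes stat(1) accepts the -c option (GNU coreutils or BusyBox) and uses /usr/bin/pkexec only as a fallback path when 'command -v' finds nothing; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not code from the Sysdig post or from the Polkit project:
# audit a pkexec binary for the setuid bit and strip it as a stop-gap until
# the distribution patch for CVE-2021-4034 is installed.
# Assumptions: POSIX sh; stat(1) accepting "-c" (GNU coreutils or BusyBox);
# /usr/bin/pkexec is only a fallback guess for where the binary lives.

# Print the path of pkexec, or return 1 if no executable is found.
pkexec_path() {
    p=$(command -v pkexec 2>/dev/null) || p=/usr/bin/pkexec
    [ -x "$p" ] || return 1
    printf '%s\n' "$p"
}

# Return 0 if the file has the setuid bit, 1 if it does not, 2 if it is missing.
pkexec_has_suid() {
    [ -e "$1" ] || return 2
    [ -u "$1" ]
}

# Print a one-line report. Return 0 only when the file is setuid AND owned by
# root, i.e. the configuration an unpatched pkexec needs to be exploitable.
pkexec_audit() {
    [ -e "$1" ] || { printf 'pkexec: %s: not found\n' "$1"; return 2; }
    mode=$(stat -c %a "$1") || return 2
    owner=$(stat -c %U "$1") || return 2
    if pkexec_has_suid "$1" && [ "$owner" = root ]; then
        printf 'pkexec: %s mode=%s owner=%s setuid-root=yes\n' "$1" "$mode" "$owner"
        return 0
    fi
    printf 'pkexec: %s mode=%s owner=%s setuid-root=no\n' "$1" "$mode" "$owner"
    return 1
}

# Remove the setuid bit and verify it is gone. pkexec can then no longer
# elevate for anyone, which also breaks legitimate callers (desktop helpers,
# scripts) until the bit is restored or the patched package is installed. A
# package upgrade normally reinstalls the binary as 4755, so restoring by hand
# is only needed if you keep the old binary.
pkexec_strip_suid() {
    chmod u-s "$1" || return 1
    ! pkexec_has_suid "$1"
}

# Put the bit back (only once the patched package is installed).
pkexec_restore_suid() {
    chmod u+s "$1" || return 1
    pkexec_has_suid "$1"
}

# Command-line use: "--audit" reports, "--mitigate" also strips the bit.
# Both need root to act on the real binary. With no arguments nothing runs,
# so the file can also be sourced for its functions.
case "${1-}" in
    --audit|--mitigate)
        p=$(pkexec_path) || { echo 'pkexec: no executable found' >&2; exit 1; }
        pkexec_audit "$p" || exit 0   # not setuid-root: nothing to do
        if [ "$1" = --mitigate ]; then pkexec_strip_suid "$p"; fi
        ;;
esac
```

Run it as root with --audit to report and --mitigate to strip the bit. The check is about exposure, not about whether the binary is patched: a setuid-root pkexec that has received the distribution's backported fix is still reported as setuid-root, so confirm the installed package version against your distribution's advisory rather than relying on this check alone.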