We received a bulletin on CVE-2021-4034 – “PwnKit” is affecting Debian Linux. Since PAM appliances run on Debian we need to know if we are impacted by this vulnerability and when to expect remediation if  needed.

References:

• Debian Security Advisory: https://www.debian.org/security/2022/dsa-5059
• Debian Security Tracker: https://security-tracker.debian.org/tracker/CVE-2021-4034

Release : 3.4

Component :

CVE-2021-4034 Is vulnerability found in policykit package on Linux OS (pkexec) that can allow an authenticated user to gain privilege escalation.

This is not a vulnerability for Symantec PAM as no access is provided to the endusers. The only access provided is strictly to Broadcom support Engineers who will already use the root account.