We received a bulletin on CVE-2021-4034 – “PwnKit” is affecting Debian Linux. Since PAM appliances run on Debian we need to know if we are impacted by this vulnerability and when to expect remediation if needed.
Release : 3.4
CVE-2021-4034 Is vulnerability found in policykit package on Linux OS (pkexec) that can allow an authenticated user to gain privilege escalation.
This is not a vulnerability for Symantec PAM as no access is provided to the endusers. The only access provided is strictly to Broadcom support Engineers who will already use the root account.