Jump to content
Welcome to our new Citrix community!

questions about CVE-2021-4034 vulnerability

Marco Braccioli

Recommended Posts

Hi all,

we have been awarned about the recent CVE-2021-4034 vulnerability,

that is a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution.

Many customers are asking to us if Netscaler/ADC and other Linux-based Citrix products are affected by this vulnerability.

Could you give us more informations?

thank you,

best regards


Link to comment
Share on other sites

Hi Marco,


Just following up. Citrix have advised we're not impacted. Case #81007051. They said: 



************************************ CITRIX SUPPORT *************************************************



Hi Team,

Thank you for contacting Citrix Technical Support. My name is ******** and I am the eService Technical Support Engineer assigned to your case.

On this case you have raised an issue related to security vulnerability CVE-2021-4034.

According to the following link, this vulnerability has not been found to be related to FREE BSD, because the bottom layer of our NETSCALER is the FREE BSD system.


Last-minute note: polkit also supports non-Linux operating systems such as Solaris and *BSD, but we have not investigated their exploitability. However, we note that OpenBSD is not exploitable, because its kernel refuses to execve() a program if argc is 0.

Please let me know if you have queries.


  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...