Jump to content

Linux system service bug gives you root on every major distro


Corrine
 Share

Recommended Posts

From Bleeping Computer at Linux system service bug gives you root on every major distro:

Quote

A vulnerability in Polkit's pkexec component that is present in the default configuration of all major Linux distributions can be exploited to gain full root privileges on the system, researchers warn today.

 

Identified as CVE-2021-4034 and named PwnKit, the security issue has been tracked to the initial commit of pkexec, more than 12 years ago, meaning that all Polkit versions are affected.

Part of the Polkit open-source application framework that negotiates the interaction between privileged and unprivileged processes, pkexec allows an authorized user to execute commands as another user, doubling as an alternative to sudo.

Easy to exploit, PoC expected soon

Researchers at Qualys information security company found that the pkexec program could be used by local attackers to increase privileges to root on default installations of Ubuntu, Debian, Fedora, and CentOS.

They warn that PwnKit is likely exploitable on other Linux operating systems as well

 

Additional information at the above-linked article.

  • Thanks 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...