securitybreach Posted January 25, 2022

> A vulnerability in Polkit's pkexec component identified as CVE-2021-4034 (PwnKit) is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system, researchers warn today.
>
> CVE-2021-4034 has been named PwnKit and its origin has been tracked to the initial commit of pkexec, more than 12 years ago, meaning that all Polkit versions are affected.
>
> Part of the Polkit open-source application framework that negotiates the interaction between privileged and unprivileged processes, pkexec allows an authorized user to execute commands as another user, doubling as an alternative to sudo.
>
> Easy to exploit, PoC expected soon
>
> Researchers at Qualys information security company found that the pkexec program could be used by local attackers to increase privileges to root on default installations of Ubuntu, Debian, Fedora, and CentOS. They warn that PwnKit is likely exploitable on other Linux operating systems as well.
>
> Bharat Jogi, Director of Vulnerability and Threat Research at Qualys explains that PwnKit is “a memory corruption vulnerability in Polkit’s, which allows any unprivileged user to gain full root privileges on a vulnerable system using default polkit configuration,....”

https://www.bleepingcomputer.com/news/security/linux-system-service-bug-gives-root-on-all-major-distros-exploit-released/

Expect a patch soon.

abarbarian Posted January 26, 2022

> 10 hours ago, securitybreach said:
> https://www.bleepingcomputer.com/news/security/linux-system-service-bug-gives-root-on-all-major-distros-exploit-released/
> Expect a patch soon.

In that article they have a screenshot. I tried out the code they gave in the screenshot but it returned this:

    bloodaxe@BIFROST:~ $ whoami
    bloodaxe
    bloodaxe@BIFROST:~ $ gcc -o blasty blasty-vs-pkexec.c
    gcc: error: blasty-vs-pkexec.c: No such file or directory
    gcc: fatal error: no input files
    compilation terminated.

securitybreach Posted January 26, 2022

In the above example, blasty is the script. If you do not have it downloaded, you can't use it.

BTW this is actually minor and can easily be fixed by this workaround until a patch is available:

    sudo chmod 0755 /usr/bin/pkexec

securitybreach Posted January 26, 2022

    gcc -o blasty blasty-vs.pkexec.c

That simply means to run blasty-vs-pkexec.c (the script) and output it to a file called blasty.

And you really shouldn't be running commands you do not understand what they do. Remember how people used to get screwed over if someone told them to run

    sudo rm -rvf /

Luckily most distros have removed that function. It was fun to see a distro destroy itself.

BTW DO NOT RUN THE COMMAND ABOVE unless you want to destroy your installation.

securitybreach Posted January 26, 2022

And some others for your enjoyment:

8 Deadly Commands You Should Never Run on Linux

Point being, trolls will post malicious commands on the internet for kicks.

V.T. Eric Layton Posted January 26, 2022

Polkit upgraded in Slackware as of today.

securitybreach Posted January 26, 2022

> 59 minutes ago, V.T. Eric Layton said:
> Polkit upgraded in Slackware as of today.

Nice

securitybreach Posted January 26, 2022

Arch got it too today.

raymac46 Posted January 26, 2022

Looks like Debian has also been patched.

abarbarian Posted January 27, 2022

> 19 hours ago, securitybreach said:
> gcc -o blasty blasty-vs.pkexec.c
> That simply means to run blasty-vs-pkexec.c (the script) and output it to a file called blasty.
> And you really shouldn't be running commands you do not understand what they do. Remember how people used to get screwed over if someone told them to run
> sudo rm -rvf /
> Luckily most distros have removed that function. It was fun to see a distro destroy itself.
> BTW DO NOT RUN THE COMMAND ABOVE unless you want to destroy your installation.

AH HA, I missed that I needed a script.

Yeah, I figured that you would not post a dodgy article, though you can never be sure.

Yup, realise the dangers of copying code off the net. Not too bothered if I hose the ToughBook as I use MX's excellent backup tools. Besides, I have to have some fun every now and again; I have not hosed a PC in a while.

securitybreach Posted January 27, 2022

Good deal

raymac46 Posted January 27, 2022

Mint now fixed as well.

Cluttermagnet Posted January 28, 2022

> 15 hours ago, raymac46 said:
> Mint now fixed as well.

Fixed in what sense, please? Do I need to do anything? And I still have one or more copies of obsolete Mint 17 running. Does that add to my concerns? (Mostly I'm now running Mint 20).

Clutter

raymac46 Posted January 28, 2022

Update your Mint 20. Not advisable to run obsolete versions of Mint as they don't get security updates. For them you could try Josh's workaround.

    sudo chmod 0755 /usr/bin/pkexec

Remember this is not a concern unless an attacker is actually a user on your machine. If that is the case you have a lot of issues besides the exploit.

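Added example (not part of any post in this thread, and not code from the polkit project): a POSIX shell check of whether the chmod 0755 workaround quoted above is in place on a pkexec binary. The function names are made up for this example; a "setuid-root" result only means the workaround has not been applied, since a patched pkexec is still installed setuid root.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not from the thread.

# Print "<state> <mode> <owner-uid> <path>" for one candidate binary.
# state is one of: absent, setuid-root, setuid-other, no-setuid
pkexec_state() {
    target="$1"
    if [ ! -e "$target" ]; then
        echo "absent - - $target"
        return 0
    fi
    # ls -ldn prints the mode string in field 1 and the numeric owner in field 3
    set -- $(ls -ldn "$target")
    mode="$1"
    owner="$3"
    if [ -u "$target" ]; then
        if [ "$owner" -eq 0 ]; then
            state="setuid-root"
        else
            state="setuid-other"
        fi
    else
        state="no-setuid"
    fi
    echo "$state $mode $owner $target"
}

# Return 0 when the setuid bit is gone (or pkexec is absent),
# 1 when the binary is still setuid root.
check_pkexec() {
    result=$(pkexec_state "${1:-/usr/bin/pkexec}")
    echo "$result"
    case "$result" in
        setuid-root\ *) return 1 ;;
        *) return 0 ;;
    esac
}

# /usr/bin/pkexec is the path used in the thread's workaround.
check_pkexec /usr/bin/pkexec ||
    echo "pkexec is setuid root: update polkit, or apply the chmod 0755 workaround"
```

With the setuid bit removed, pkexec can no longer elevate for legitimate callers either, so the workaround is a stopgap until the distribution's polkit update is installed.
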
wa4chq Posted January 28, 2022

> Remember this is not a concern unless an attacker is actually a user on your machine. If that is the case you have a lot of issues besides the exploit.

So does this mean I'm OK since I'm the only user on all my computers?

Edited January 28, 2022 by wa4chq

abarbarian Posted January 28, 2022

> 41 minutes ago, wa4chq said:
> So does this mean I'm OK since I'm the only user on all my computers?

As long as you do not have dissociative identity disorder.

securitybreach Posted January 28, 2022

Or run one of the commands I linked to

Cluttermagnet Posted January 28, 2022

> 6 hours ago, raymac46 said:
> Update your Mint 20. Not advisable to run obsolete versions of Mint as they don't get security updates. For them you could try Josh's workaround.
> sudo chmod 0755 /usr/bin/pkexec
> Remember this is not a concern unless an attacker is actually a user on your machine. If that is the case you have a lot of issues besides the exploit.

Phew! OK that is great news then. Other users definitely not a concern (unless there are burglar hackers- LOL). Thanks!

wa4chq Posted January 28, 2022

> 8 hours ago, abarbarian said:
> As long as you do not have dissociative identity disorder.

I do and at the moment, this is not wa4chq. My handle is Ralph.

wa4chq Posted January 28, 2022

> 3 hours ago, securitybreach said:
> Or run one of the commands I linked to

whoops!

abarbarian Posted January 29, 2022

> 12 hours ago, wa4chq said:
> I do and at the moment, this is not wa4chq. My handle is Ralph.

Are you sure? Might be best to set a cron job running "whoami" every five minutes.

crp Posted February 8, 2022

So I hate the hullaballoo over this type of thing. It isn't a remote execution issue. If someone has the access to make use of the flaw, then it is game over anyway.

(BTW: Steve Gibson had a nice segment about this flaw.)