12-year vulnerability in pkexec gives hackers root privileges on Linux
Researchers have just issued a warning about a vulnerability in Polkit's pkexec component, tracked as CVE-2021-4034 and known as PwnKit.
pkexec is included in the default configuration of all Linux distros, and the vulnerability can be exploited to gain full root privileges on the system.
PwnKit emerged from the original pkexec commit 12 years ago. This means that all versions of Polkit are affected.
Polkit is part of an open-source application framework and is responsible for negotiating the interaction between privileged and non-privileged processes. pkexec, in turn, allows authorized users to execute commands as another user, as an alternative to sudo.
Easy to exploit, with proof-of-concept (PoC) video tutorials already available
Security researchers at information security firm Qualys discovered PwnKit. They found that hackers could use pkexec to gain root privileges on default installations of Ubuntu, Debian, Fedora, and CentOS.
In addition, Qualys also warned that PwnKit can be exploited on other Linux operating systems.
The problem appeared in the first version of pkexec released in May 2009 but no one noticed. The researchers say that this PwnKit vulnerability is very easy to exploit.
Qualys has not released a proof-of-concept (PoC) video yet. However, just 3 hours after the technical details of the vulnerability were made public, a PoC video was shared by hackers.
Security experts say that PwnKit is very dangerous because it is both simple and widespread. Testing shows that it even works on ARM64 systems.
Qualys reported the vulnerability to the responsible parties on November 18, 2021 and only made the information public once a patch was available. The company recommends that administrators prioritize installing the patch that Polkit's author has just released on GitLab.
Linux distro vendors also got access to the patch a few weeks ago. Updated pkexec packages are expected to be released starting January 25, 2022.
If your system has not been updated yet, you can temporarily remove the SUID bit from pkexec to prevent exploitation of the vulnerability with the following command:
chmod 0755 /usr/bin/pkexec
Linux users should update their operating system as soon as possible to avoid security holes like PwnKit.
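The following check is an added example, not code from the original article or from Qualys: a POSIX shell audit that reports whether the chmod mitigation above is in place by testing the set-user-ID bit on pkexec. The function names are hypothetical; the default path is the one used in the command above.

```shell
#!/bin/sh
# Added example: audit whether the temporary pkexec mitigation is applied.
# Function names are hypothetical; /usr/bin/pkexec is the path from the article.

# suid_state FILE -> prints one of: absent | suid | no-suid
suid_state() {
    f=$1
    if [ ! -e "$f" ]; then
        echo absent            # binary not installed at this path
    elif [ -u "$f" ]; then
        echo suid              # set-user-ID bit still present
    else
        echo no-suid           # bit cleared, e.g. by chmod 0755
    fi
}

# audit_pkexec [FILE...] -> one report line per path.
# Returns 1 if any listed binary still carries the SUID bit, 0 otherwise.
audit_pkexec() {
    rc=0
    # With no arguments, check the default location.
    [ $# -gt 0 ] || set -- /usr/bin/pkexec
    for f in "$@"; do
        state=$(suid_state "$f")
        case $state in
            suid)
                echo "$f: SUID set, mitigation NOT applied (patch or chmod 0755)"
                rc=1 ;;
            no-suid)
                echo "$f: SUID cleared, mitigation in place" ;;
            absent)
                echo "$f: not installed" ;;
        esac
    done
    return $rc
}

# Usage (run after sourcing this file): audit_pkexec /usr/bin/pkexec
```

The non-zero return value lets the check be wired into a configuration-management or monitoring job that flags hosts where neither the patch nor the chmod workaround has been applied.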