• Major Linux distro vulnerable for 12 years to polkit’s pkexec

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » Major Linux distro vulnerable for 12 years to polkit’s pkexec

    Author
    Topic
    #2421275

    PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

    The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration…

    Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host. Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu, Debian, Fedora, and CentOS. Other Linux distributions are likely vulnerable and probably exploitable..

    This vulnerability has been hiding in plain sight for 12+ years and affects all versions of pkexec since its first version in May 2009 (commit c8c3d83, “Add a pkexec(1) command”)..

    Viewing 7 reply threads
    Author
    Replies
    • #2421311

      So one removes this bit of software and the threat is gone? What is it for?

      Ex Windows user (Win. 98, XP, 7) since mid-2020. Now: running macOS Big Sur 11.6 & sometimes, Linux (Mint)

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV and Malwarebytes for Macs.

      • #2421336

        What is it for?

        That is described in the second paragraph at the link, headed “About Polkit pkexec for Linux”.

        Windows 10 Pro version 21H2 build 19044.1682 + Microsoft 365 (group ASAP)

    • #2421335

      The hypothetical “many eyes” fail dismally yet again:

      Disbelieving the many eyes hypothesis

      Windows 10 Pro version 21H2 build 19044.1682 + Microsoft 365 (group ASAP)

    • #2421357

      ? says:

      maybe an update from yesterday was for this?

      Commit Log for Tue Jan 25 16:55:25 2022
      Upgraded the following packages:
      gir1.2-polkit-1.0 (0.105-26ubuntu1.1) to 0.105-26ubuntu1.2
      libpolkit-agent-1-0 (0.105-26ubuntu1.1) to 0.105-26ubuntu1.2
      libpolkit-gobject-1-0 (0.105-26ubuntu1.1) to 0.105-26ubuntu1.2
      policykit-1 (0.105-26ubuntu1.1) to 0.105-26ubuntu1.2

      2 users thanked author for this post.
    • #2421377

      So one removes this bit of software and the threat is gone? What is it for?

      (PwnKit) polkit

      polkit is an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes: It is a framework for centralizing the decision making process with respect to granting access to privileged operations for unprivileged applications…

    • #2421404

      Hopefully no nasties who have nothing better to do than wreak havoc will read this thread.

      We're getting Sticker Shock everywhere now, not just car dealers.

      1 user thanked author for this post.
    • #2421440

      I got this for Linux Mint which I think is the same as what anonymous posted above.

      Policykit-1

      We're getting Sticker Shock everywhere now, not just car dealers.

      1 user thanked author for this post.
    • #2421551

      ? says:

      just a “linux hobbyist,” but:

      Commit Log for Thu Jan 27 09:48:14 2022

      Upgraded the following packages:

      libpolkit-agent-1-0 (0.105-18+deb9u1) to 0.105-18+deb9u2
      libpolkit-backend-1-0 (0.105-18+deb9u1) to 0.105-18+deb9u2
      libpolkit-gobject-1-0 (0.105-18+deb9u1) to 0.105-18+deb9u2
      policykit-1 (0.105-18+deb9u1) to 0.105-18+deb9u2

      libxfont2 (1:2.0.1-3+deb9u1) to 1:2.0.1-3+deb9u2

      libnss3 (2:3.26.2-1.1+deb9u4) to 2:3.26.2-1.1+deb9u5

      does your windows do this?

    • #2421601

      Commit Log for Tue Jan 25 17:35:28 2022

      Upgraded the following packages:
      gir1.2-polkit-1.0 (0.105-25) to 0.105-25+deb10u1
      libpolkit-agent-1-0 (0.105-25) to 0.105-25+deb10u1
      libpolkit-backend-1-0 (0.105-25) to 0.105-25+deb10u1
      libpolkit-gobject-1-0 (0.105-25) to 0.105-25+deb10u1
      policykit-1 (0.105-25) to 0.105-25+deb10u1

      got ours earlier than the tardy thread posting time.

      "-rw-rw-rw-" extreme computing
    Viewing 7 reply threads
    Reply To: Major Linux distro vulnerable for 12 years to polkit’s pkexec

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.