Major Linux distro vulnerable for 12 years to polkit’s pkexec


    #2421275

    PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

    The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration…

    Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host. Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu, Debian, Fedora, and CentOS. Other Linux distributions are likely vulnerable and probably exploitable.

    This vulnerability has been hiding in plain sight for 12+ years and affects all versions of pkexec since its first version in May 2009 (commit c8c3d83, “Add a pkexec(1) command”).
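An added example, not from Qualys, the polkit project or anyone in this thread: a small POSIX shell script that answers the "is my box exposed?" question behind the advisory. It checks whether pkexec is still installed set-uid root (the precondition for the escalation), applies the stop-gap of dropping that bit when run as root with --fix, and greps an auth.log for the two rejection messages pkexec writes when its own environment checks fail. The pkexec path, GNU stat, the log strings and the constructed sample log lines are assumptions of the example rather than anything stated in the thread.

```sh
#!/bin/sh
# Added example for this thread; not code from Qualys, the polkit project
# or any poster above. Two checks for CVE-2021-4034 plus the stop-gap fix.
# Assumptions (none of these are stated in the thread): pkexec lives at
# /usr/bin/pkexec, stat(1) is GNU stat, and the two log messages matched in
# scan_pkexec_log are the ones pkexec writes when it rejects the SHELL or an
# environment variable during its own sanity checks.

PKEXEC=${PKEXEC:-/usr/bin/pkexec}

# pkexec_suid_exposed MODE
# MODE is the octal permission string from `stat -c %a` (e.g. 4755 or 755).
# Succeeds when the set-uid bit (04000) is present: an unpatched pkexec is
# only a root-escalation risk while it runs set-uid root.
pkexec_suid_exposed() {
    [ $(( 0$1 & 04000 )) -ne 0 ]
}

# report_pkexec
# Inspects the live binary. Succeeds when the host is not exposed.
report_pkexec() {
    if [ ! -e "$PKEXEC" ]; then
        echo "$PKEXEC not present: not exposed"
        return 0
    fi
    mode=$(stat -c %a "$PKEXEC")
    if pkexec_suid_exposed "$mode"; then
        echo "$PKEXEC is mode $mode (set-uid root): exposed until polkit is updated"
        return 1
    fi
    echo "$PKEXEC is mode $mode (no set-uid bit): cannot be used for escalation"
}

# mitigate_pkexec
# Stop-gap for hosts that cannot be patched yet: drop the set-uid bit.
# pkexec then cannot elevate anyone, the exploit included. Needs root.
mitigate_pkexec() {
    chmod 0755 "$PKEXEC"
}

# scan_pkexec_log < auth.log
# Counts lines where pkexec rejected its environment. The public exploitation
# technique for this bug deliberately reaches this logging step, so hits
# deserve triage; the bug can also be exploited without it, so a clean log
# proves nothing. Prints the count and succeeds when at least one hit.
scan_pkexec_log() {
    hits=$(grep -c -E 'pkexec\[[0-9]+\]: .*(SHELL variable was not found|environment variable [A-Za-z0-9_]+ contains)' || true)
    echo "$hits"
    [ "$hits" -gt 0 ]
}

# Constructed auth.log excerpt (not a real capture) in pkexec's syslog format:
# one normal elevation, two rejections, one unrelated sudo line.
SAMPLE_LOG=$(cat <<'EOF'
Jan 25 17:40:01 host1 pkexec[4241]: alice: Executing command [USER=root] [TTY=/dev/pts/0] [CWD=/home/alice] [COMMAND=/usr/bin/id]
Jan 25 17:40:02 host1 pkexec[4242]: alice: The value for the SHELL variable was not found the /etc/shells file [USER=root] [TTY=/dev/pts/0] [CWD=/home/alice] [COMMAND=/usr/bin/id]
Jan 25 17:40:03 host1 pkexec[4243]: alice: The value for environment variable XAUTHORITY contains suspicious content [USER=root] [TTY=/dev/pts/0] [CWD=/home/alice] [COMMAND=/usr/bin/id]
Jan 25 17:41:00 host1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt upgrade
EOF
)

case "${1:-}" in
    --fix)
        mitigate_pkexec && report_pkexec ;;
    *)
        report_pkexec || echo "action: apply the polkit update, or run '$0 --fix' as root meanwhile"
        printf 'rejections in sample log: '
        printf '%s\n' "$SAMPLE_LOG" | scan_pkexec_log || true ;;
esac
```

Run it with no arguments for a report; report_pkexec exits 1 while the set-uid bit is present. Removing the bit also breaks pkexec for legitimate elevation, so treat --fix as a bridge to the policykit-1 package update, not a replacement for it.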

    • #2421311

      So one removes this bit of software and the threat is gone? What is it for?

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • #2421336

        What is it for?

        That is described in the second paragraph at the link, headed “About Polkit pkexec for Linux”.

        Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

    • #2421335

      The hypothetical “many eyes” fail dismally yet again:

      Disbelieving the many eyes hypothesis

      Windows 11 Pro version 22H2 build 22621.1778 + Microsoft 365 + Edge

    • #2421357

      ? says:

      maybe an update from yesterday was for this?

      Commit Log for Tue Jan 25 16:55:25 2022
      Upgraded the following packages:
      gir1.2-polkit-1.0 (0.105-26ubuntu1.1) to 0.105-26ubuntu1.2
      libpolkit-agent-1-0 (0.105-26ubuntu1.1) to 0.105-26ubuntu1.2
      libpolkit-gobject-1-0 (0.105-26ubuntu1.1) to 0.105-26ubuntu1.2
      policykit-1 (0.105-26ubuntu1.1) to 0.105-26ubuntu1.2

      2 users thanked author for this post.
    • #2421377

      So one removes this bit of software and the threat is gone? What is it for?

      (PwnKit) polkit

      polkit is an application-level toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes: It is a framework for centralizing the decision making process with respect to granting access to privileged operations for unprivileged applications…

    • #2421404

      Hopefully no nasties who have nothing better to do than wreak havoc will read this thread.

      Experience is that marvelous thing that enables you to recognize a mistake as soon as you make it again.

      1 user thanked author for this post.
    • #2421440

      I got this for Linux Mint which I think is the same as what anonymous posted above.

      Policykit-1

      Experience is that marvelous thing that enables you to recognize a mistake as soon as you make it again.

      1 user thanked author for this post.
    • #2421551

      ? says:

      just a “linux hobbyist,” but:

      Commit Log for Thu Jan 27 09:48:14 2022

      Upgraded the following packages:

      libpolkit-agent-1-0 (0.105-18+deb9u1) to 0.105-18+deb9u2
      libpolkit-backend-1-0 (0.105-18+deb9u1) to 0.105-18+deb9u2
      libpolkit-gobject-1-0 (0.105-18+deb9u1) to 0.105-18+deb9u2
      policykit-1 (0.105-18+deb9u1) to 0.105-18+deb9u2

      libxfont2 (1:2.0.1-3+deb9u1) to 1:2.0.1-3+deb9u2

      libnss3 (2:3.26.2-1.1+deb9u4) to 2:3.26.2-1.1+deb9u5

      does your windows do this?

    • #2421601

      Commit Log for Tue Jan 25 17:35:28 2022

      Upgraded the following packages:
      gir1.2-polkit-1.0 (0.105-25) to 0.105-25+deb10u1
      libpolkit-agent-1-0 (0.105-25) to 0.105-25+deb10u1
      libpolkit-backend-1-0 (0.105-25) to 0.105-25+deb10u1
      libpolkit-gobject-1-0 (0.105-25) to 0.105-25+deb10u1
      policykit-1 (0.105-25) to 0.105-25+deb10u1

      got ours earlier than the tardy thread posting time.

      Keeping IT Lean, Clean and Mean!