Cybersecurity specialists report the detection of a critical vulnerability in the pkexec component of Polkit whose exploitation would allow obtaining root user privileges in the main Linux distributions. Tracked as CVE-2021-4034, the flaw can only be exploited remotely, reducing the risk of attack.
Dubbed “PwnKit”, the flaw has been around for about 12 years, so all versions of pkexec are affected. Polkit, the affected component, handles privileges on Unix-like operating systems, allowing non-privileged processes to communicate with privileged processes. The component also allows you to run elevated commands using the pkexec command.
The report, published by security firm Qualys, noted the detection of a severe memory corruption vulnerability in Polkit: “The successful exploitation of this vulnerability allows any unprivileged user to obtain root privileges on the exposed host. Qualys security researchers have been able to identify the flaw, develop an exploit and obtain root privileges on the default installations of Ubuntu, Debian, Fedora and CentOS; other Linux distributions are potentially vulnerable,” Qualys says.
While Qualys did not share its proof of concept (PoC) exploit for security reasons, just a couple of hours after the publication of its report a fully functional exploit for this vulnerability was revealed.
Given this situation, and considering that patches are not yet available for all affected Linux distributions, the researchers recommend removing the SUID bit from pkexec to temporarily mitigate the risk of exploitation, in addition to reviewing the security recommendations issued by the polkit authors.
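The temporary mitigation described above, as an added example that is not from Qualys, the polkit authors or this article's sources: it reports whether a binary carries the SUID bit and clears it if so. The function names are illustrative, and the demonstration runs on a constructed scratch file so nothing on the host changes.

```shell
#!/bin/sh
# Added example: audit and clear the SUID bit on a pkexec binary.
# Function names are illustrative, not from Qualys or the polkit project.

# Print "missing", "suid" or "no-suid" for the given path.
suid_state() {
    if [ ! -e "$1" ]; then
        echo "missing"
    elif [ -u "$1" ]; then      # -u: set-user-ID bit is set
        echo "suid"
    else
        echo "no-suid"
    fi
}

# Clear the SUID bit if present; returns 0 when the file ends up without it.
# pkexec cannot elevate privileges while the bit is cleared.
strip_suid() {
    case "$(suid_state "$1")" in
        missing) echo "skip: $1 not found" >&2; return 0 ;;
        no-suid) echo "ok: $1 already has no SUID bit" >&2; return 0 ;;
    esac
    chmod u-s "$1" || { echo "fail: cannot chmod $1 (need root?)" >&2; return 1; }
    # Verify the change took effect instead of trusting chmod's exit code alone.
    [ "$(suid_state "$1")" = "no-suid" ]
}

# Demonstration on a constructed scratch file with mode 4755.
demo() {
    scratch=$(mktemp) || return 1
    chmod 4755 "$scratch"
    before=$(suid_state "$scratch")
    strip_suid "$scratch" 2>/dev/null
    after=$(suid_state "$scratch")
    rm -f "$scratch"
    echo "$before -> $after"
}

demo    # on a real host, as root: strip_suid "$(command -v pkexec)"
```

Re-run `suid_state` on the pkexec path after package updates to confirm which state the binary is in before relying on it.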
At the time of writing, some distributions had already addressed the issue, so the cybersecurity community expects the remaining Linux distributions to release updated pkexec packages over the next few days, fully mitigating the risk of exploitation.