Qualys security researchers have discovered a serious vulnerability in Linux that affects most distributions. It is a memory corruption bug in PolKit, a system-wide privilege control component that comes installed by default on most distros and other UNIX-like operating systems.
The vulnerability, which has been named “PwnKit”, can be easily exploited to allow any non-privileged user to gain full root privileges on a vulnerable host.
Within three hours of being published, PwnKit already had an exploit
After Qualys published the technical details, a public exploit that was easy to reproduce appeared in less than three hours. BleepingComputer verified this, obtaining root privileges on the system on every attempt.
PwnKit, identified as CVE-2021-4034, is a flaw that originated more than 12 years ago and appears to date back to the first published commit of pkexec. This means that all versions of Polkit are affected.
The researchers verified that PwnKit can be used to elevate privileges on default installations of Ubuntu, Debian, Fedora and CentOS.
The researchers were able to use the pkexec program to gain root privileges on default installations of Ubuntu, Debian, Fedora, and CentOS, but warn that PwnKit is probably exploitable on any other Linux distribution.
Qualys responsibly reported the security issue on November 18, 2021 and waited for a patch to become available before publishing the details. System administrators are advised to give priority to applying the patches that the Polkit authors have published on GitLab.
Red Hat has released a security update for polkit, and Canonical has already released patches for Ubuntu versions 14.04 and 16.04 ESM, in addition to its latest supported versions, such as Ubuntu 18.04, 20.04, and 21.04. All you need to do is update your system and reboot to protect yourself from the vulnerability.
This is the third bug discovered in Linux in the last year that allows root privileges.
This is the third major bug allowing root privileges that Qualys has discovered in recent months. The previous one, ‘Sequoia’, was a Linux kernel vulnerability that affects most installations and was introduced into the kernel more than seven years ago. Before that, they found a critical bug in sudo that had been there since 2011.