Article: Linux system service bug gives root on all major distros, exploit released

h0w1tzr’s Comments: Patch your systems now! This is an easy-to-use local privilege vulnerability (LPE) that affects all modern-day Linux distros.

A vulnerability in Polkit’s pkexec component identified as CVE-2021-4034 (PwnKit) is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system, researchers warn today.

CVE-2021-4034 has been named PwnKit and its origin has been tracked to the initial commit of pkexec, more than 12 years ago, meaning that all Polkit versions are affected.

Part of the Polkit open-source application framework that negotiates the interaction between privileged and unprivileged processes, pkexec allows an authorized user to execute commands as another user, doubling as an alternative to sudo.
