Communications of the ACM
Bug Lurking for 12 Years Gives Attackers Root on Most Major Linux Distros
Polkit manages system-wide privileges in Unix-like OSes, providing a mechanism for nonprivileged processes to safely interact with privileged processes; it also allows users to execute commands with high privileges by using a component called pkexec, foll
Credit: Getty Images
Polkit, a system-wide privilege manager for Unix-like operating systems, contains a 12-year-old memory-corruption vulnerability that grants attackers root privileges on systems running most major Linux distributions, warn researchers at security firm Qualys.
Users can execute commands with high privileges using Polkit's pkexec component, followed by the command; people with limited system control can exploit the PwnKit flaw in pkexec to escalate privileges all the way to root.
According to Qualys' Bharat Jogi, "The most likely attack scenario is from an internal threat where a malicious user can escalate from no privileges whatsoever to full root privileges. From an external threat perspective, if an attacker has been able to gain foothold on a system via another vulnerability or a password breach, that attacker can then escalate to full root privileges through this vulnerability."
A separate source released proof-of-concept exploit code; researchers warn PwnKit's exploitation in the wild is inevitable.
From Ars Technica
View Full Article
Abstracts Copyright © 2022 SmithBucklin, Washington, DC, USA
No entries found