Security News > 2022 > January > 12-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access

12-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access
2022-01-26 20:34

A 12-year-old security vulnerability has been disclosed in a system utility called Polkit that grants attackers root privileges on Linux systems, even as a proof-of-concept exploit has emerged in the wild merely hours after technical details of the bug became public.

Dubbed "PwnKit" by cybersecurity firm Qualys, the weakness impacts a component in polkit called pkexec, a program that's installed by default on every major Linux distribution such as Ubunti, Debian, Fedora, and CentOS. Polkit is a toolkit for controlling system-wide privileges in Unix-like operating systems, and provides a mechanism for non-privileged processes to communicate with privileged processes.

"This vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration," Bharat Jogi, director of vulnerability and threat research at Qualys, said, adding it "Has been hiding in plain sight for 12+ years and affects all versions of pkexec since its first version in May 2009.".

While this vulnerability is not remotely exploitable, an attacker that has already established a foothold on a system via another means can weaponize the flaw to achieve full root privileges.

In June 2021, GitHub security researcher Kevin Backhouse revealed details of a seven-year-old privilege escalation vulnerability that could be abused to escalate permissions to the root user.

On top of that, the disclosure also arrives close on the heels of a security flaw affecting the Linux kernel that could be exploited by an attacker with access to a system as an unprivileged user to escalate those rights to root and break out of containers in Kubernetes setups.


News URL

https://thehackernews.com/2022/01/12-year-old-polkit-flaw-lets.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 17 374 2505 1534 665 5078