Linux distros haunted by Polkit-geist for 12+ years: Bug grants root access to any user
Linux vendors on Tuesday issued patches for a memory corruption vulnerability in a component called polkit that allows an unprivileged logged-in user to gain full root access on a system in its default configuration.
Security vendor Qualys found the flaw and published details in a coordinated disclosure.
The vulnerability resides within polkit's pkexec, a SUID-root program that's installed by default on all major Linux distributions.
Bharat Jogi, director of vulnerability and threat research at Qualys, explained in a blog post that the pkexec flaw opens the door to root privileges for an attacker.
As a result, out-of-bounds memory gets read and written, which an attacker can exploit to inject an environment variable that can cause arbitrary code to be loaded from storage and run by the program as root.
At least the exploitation technique proposed by Qualys - injecting the GCONV_PATH variable into pkexec's environment to execute a shared library as root - leaves traces in log files.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/01/26/pwnkit_vulnerability_linuix/