Linux distros haunted by Polkit-geist for 12+ years: Bug grants root access to any user

2022-01-26 01:02

Linux vendors on Tuesday issued patches for a memory corruption vulnerability in a component called polkit that allows an unprivileged logged-in user to gain full root access on a system in its default configuration.

Security vendor Qualys found the flaw and published details in a coordinated disclosure.

The vulnerability resides within polkit's pkexec, a SUID-root program that's installed by default on all major Linux distributions.

Bharat Jogi, director of vulnerability and threat research at Qualys, explained in a blog post that the pkexec flaw opens the door to root privileges for an attacker.

As a result, out-of-bounds memory gets read and written, which an attacker can exploit to inject an environment variable that can cause arbitrary code to be loaded from storage and run by the program as root.

At least the exploitation technique proposed by Qualys - injecting the GCONV PATH variable into pkexec's environment to execute a shared library as root - leaves traces in log files.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/01/26/pwnkit_vulnerability_linuix/

#linux #root #rootaccess

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Linux		18	373	1439	1138	696	3646

News URL

Related news

Related vendor