PolKit vulnerability can give attackers root on many Linux distros (CVE-2021-4034)
A memory corruption vulnerability in PolKit, a component used in major Linux distributions and some Unix-like operating systems, can be easily exploited by local unprivileged users to gain full root privileges.
While the vulnerability is not exploitable remotely and doesn't, in itself, allow arbitrary code execution, it can be used by attackers that have already gained a foothold on a vulnerable host to escalate their privileges and achieve that capability.
"Polkit is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed," explained Bharat Jogi, Director of Vulnerability and Threat Research at Qualys.
After finding the bug, creating an exploit and obtaining root privileges on default installations of Ubuntu, Debian, Fedora, and CentOS with it, Qualys researchers notified both the vendor and open-source distributions so they could push out a patch.
"Since most major distributions already released patches, the best option now is to install the patches. Of course, you'll need to do it on all systems. If you cannot, or if there are no patches available, you can prevent the vulnerability from being exploited by removing the SUID bit from the pkexec tool; just make sure that you are not breaking anything," he advised.
Qualys's exploitation technique leaves traces in the logs, but they pointed out that there are ways to exploit the vulnerability without leaving such traces.
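
The stopgap mentioned above (removing the SUID bit from pkexec), shown as an added example that is not from the article or from Qualys: a script that reports whether the setuid bit is set and clears it. The default path `/usr/bin/pkexec` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit and clear the setuid bit on pkexec as a stopgap
# for CVE-2021-4034 when a patched package cannot be installed yet.
# ASSUMPTION: pkexec lives at /usr/bin/pkexec; override with PKEXEC_PATH.
PKEXEC_PATH="${PKEXEC_PATH:-/usr/bin/pkexec}"

# has_suid PATH: succeeds only if PATH is a regular file with setuid set.
has_suid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# suid_status PATH: prints "missing", "suid" or "no-suid".
suid_status() {
    if [ ! -e "$1" ]; then
        echo "missing"
    elif has_suid "$1"; then
        echo "suid"
    else
        echo "no-suid"
    fi
}

# strip_suid PATH: clears the setuid bit, leaves other mode bits alone,
# and re-checks afterwards. Safe to run repeatedly.
strip_suid() {
    case "$(suid_status "$1")" in
        missing) echo "$1: not present, nothing to do"; return 0 ;;
        no-suid) echo "$1: setuid bit already clear"; return 0 ;;
    esac
    chmod u-s "$1" || { echo "$1: chmod failed (are you root?)" >&2; return 1; }
    if has_suid "$1"; then
        echo "$1: setuid bit is still set" >&2
        return 1
    fi
    echo "$1: setuid bit removed"
}

# Act only when an action is given, so sourcing the file has no side effects.
case "${1:-}" in
    check) suid_status "$PKEXEC_PATH" ;;
    fix)   strip_suid "$PKEXEC_PATH" ;;
esac
```

Run it as root with `check` or `fix`. Without the setuid bit pkexec can no longer elevate for unprivileged users, so software that relies on it stops working.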