Researchers Find Linux System Vulnerability, in Polkit's pkexec, on All Major Distros


engine

11:48 am on Jan 27, 2022 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Researchers discovered a vulnerability in Polkit's component, pkexec, which is detailed in CVE-2021-4034. Once it was discovered, time was given for a patch before releasing details of the vulnerability.
Researchers at the Qualys information security company found that the pkexec program could be used by local attackers to increase privileges to root on default installations of Ubuntu, Debian, Fedora, and CentOS.

They warn that PwnKit is likely exploitable on other Linux operating systems as well.

Administrators should patch this immediately.

[bleepingcomputer.com...]

graeme_p

12:07 pm on Jan 27, 2022 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



It should not be installed on servers. I just checked and the last Debian install I did does not include it. Other distros may differ.

It's a privilege escalation vulnerability, so should not be much of a problem for desktops etc.

Another gift from systemd. I am seriously thinking of running what I can on a BSD.

Sgt_Kickaxe

11:15 am on Jan 28, 2022 (gmt 0)



Good idea - whatever 99% of the others are doing should be avoided.

Back to basic simplicity, it's the way to go.

Dimitri

11:04 pm on Jan 28, 2022 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month



To run a business, especially online, you need to be extremely paranoiac to limit risks of problems. You need to worry about every single detail, and constantly think about what can go wrong. You need to close everything, and trust no one to limit the point of failure.