Title: 12-Year-Old Linux Vulnerability Exposes Admin Rights Risk
Written on
Chapter 1: Overview of Polkit Vulnerability
A long-standing security flaw in Polkit, a system utility, has recently come to light, allowing unprivileged local users on Linux systems to obtain administrative privileges. The vulnerability, dubbed "PwnKit" by the cybersecurity firm Qualys, lies in the pkexec component of Polkit, which is installed by default in all major Linux distributions such as Ubuntu, Debian, Fedora, and CentOS.
According to Bharat Jogi, Qualys's director of vulnerability and threat research, “By taking advantage of this flaw in its standard configuration, any non-privileged user can achieve full root access on a compromised system.” He further noted that this vulnerability has been overlooked for over 12 years, impacting all versions of pkexec since its inception in May 2009.
Section 1.1: Understanding the Nature of the Flaw
The vulnerability, cataloged as CVE-2021-4034, is a memory-corruption bug and was reported to Linux developers on November 18, 2021. Following this disclosure, Red Hat and Ubuntu promptly issued updates. The pkexec command functions similarly to sudo, allowing authorized users to execute commands as other users. If no username is specified, the command executes as the superuser, root.
The first video discusses the 12-year-old vulnerability and its implications, shedding light on how it enables unauthorized access.
Subsection 1.1.1: Exploitation Risks
PwnKit results from an out-of-bounds write that permits "insecure" environment variables to be reintroduced into the pkexec context. Although this vulnerability cannot be exploited remotely, it can be leveraged by someone who has already gained access to the machine through other means (a low-privileged local account) to acquire root privileges.
Section 1.2: The Importance of Prompt Patching
The emergence of a public proof-of-concept (PoC) exploit, described by CERT/CC expert Will Dormann as “simple and universal,” further complicates the situation. This highlights the urgency of applying patches to mitigate potential threats.
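Because pkexec is only dangerous here while it runs setuid-root, the interim hardening Qualys published for unpatched hosts was to strip that bit until the fixed package is installed. The following POSIX shell audit helper is an added example, not code from the article or the polkit project; it assumes pkexec is found via `command -v` (or a path you pass in) and only reports or removes the setuid bit.

```shell
#!/bin/sh
# pwnkit_audit.sh: report whether a pkexec binary still carries the setuid bit.
# CVE-2021-4034 is only reachable through a setuid-root pkexec, so removing the
# bit (chmod 0755) neutralises the bug until the patched polkit package lands.
# This is an added example; path handling and messages are our own assumptions.

# pkexec_is_setuid PATH -> 0 if PATH is a regular file with the setuid bit, else 1.
pkexec_is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# harden_pkexec PATH -> strip the setuid bit and confirm it is gone (0 on success).
# Needs write permission on the file: root for the real /usr/bin/pkexec.
harden_pkexec() {
    chmod 0755 "$1" || return 1
    ! pkexec_is_setuid "$1"
}

# audit_pkexec [PATH] -> print a one-line verdict.
# Returns 0 when no setuid pkexec is present, 2 when the risky bit is still set.
audit_pkexec() {
    bin="${1:-$(command -v pkexec 2>/dev/null)}"
    if [ -z "$bin" ] || [ ! -f "$bin" ]; then
        echo "pkexec: not found on this host"
        return 0
    fi
    if pkexec_is_setuid "$bin"; then
        echo "RISK: $bin is setuid; update polkit, or as interim mitigation run: chmod 0755 $bin"
        return 2
    fi
    echo "OK: $bin is not setuid"
    return 0
}

# Run the audit only when this file is executed directly, not when sourced.
case "$0" in
    *pwnkit_audit*) audit_pkexec "$@" ;;
esac
```

Run it as `sh pwnkit_audit.sh` (or with an explicit path) and treat exit status 2 as a finding; once the distribution's patched polkit is installed the setuid bit is expected again, so the check is for the unpatched window only.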
Chapter 2: Recent Trends in Polkit Vulnerabilities
This is not the first security flaw discovered in Polkit; just last year, Kevin Backhouse, a security researcher at GitHub, revealed a privilege escalation vulnerability (CVE-2021-3560) that had been present for seven years. That flaw likewise allowed unauthorized root access, raising concerns about the security of Linux environments.
The second video elaborates on the local privilege escalation associated with the polkit CVE-2021-3560 vulnerability, emphasizing the need for vigilance in system security.
Moreover, this news follows closely behind the discovery of a Linux kernel vulnerability (CVE-2022-0185), which could allow an attacker with non-privileged access to elevate their rights to root, potentially breaking out of containers in Kubernetes setups.