Skip to main content

Major Linux PolicyKit security vulnerability uncovered: Pwnkit

posted onJanuary 26, 2022
by l33tdawg
Bleeping Computer
Credit: Bleeping Computer

A vulnerability in Polkit's pkexec component identified as CVE-2021-4034 (PwnKit) is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system, researchers warn today.

CVE-2021-4034 has been named PwnKit and its origin has been tracked to the initial commit of pkexec, more than 12 years ago, meaning that all Polkit versions are affected.

Part of the Polkit open-source application framework that negotiates the interaction between privileged and unprivileged processes, pkexec allows an authorized user to execute commands as another user, doubling as an alternative to sudo. Researchers at Qualys information security company found that the pkexec program could be used by local attackers to increase privileges to root on default installations of Ubuntu, Debian, Fedora, and CentOS.

Source

Tags

Linux Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th