HomeWinBuzzer NewsPolkit Pkexec “PwnKit” Flaw Made Every Linux Distro Vulnerable for over a...

Polkit Pkexec “PwnKit” Flaw Made Every Linux Distro Vulnerable for over a Decade

All major Linux distros have been vulnerable for 12 years because of the “PwnKit” flaw in the Polkit pkexec program.

-

is the dream and used by millions of people around the world. It is respected for its security, but one vulnerability puts the whole “Linux is secure” boast under threat. According to a new report, a flaw known as “PwnKit” has been running on the platform over the last 12 or more years.

More importantly, the vulnerability spans every Linux distro, and it is an exploitable security big. The news comes when more people are starting to embrace Linux and malware increases on the platform.

Linux security experts Qualys found the vulnerability that potentially leaves every major Linux distribution open to an attack. If exploited, the flaw can give a threat actor access to a system through a local privilege escalation (LPE) attack.

Researchers with the firm were able to exploit the PwnKit flaw which is described as a memory corruption in PolKit's pkexec program. This is a Linux utility or SUID-root that is found on all the major platform distros.

Details

Qualys has labeled the vulnerability “PwnKit” with the ID “CVE-2021-4034.” It affects popular Linux distros like Debian, Ubuntu, Fedora, and CentOS.

It seems that the flaw has been in Polkit pkexec since the launch of the program. That means Linux has been sitting vulnerable for over 12 years. One of the reasons attackers have not targeted this flaw is because an attacker would need local access. The lack of remote attack makes this less dangerous, but even so there is no doubt this is a concerning flaw.

“Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host,” the researchers point out.

Qualys recommends users should immediately patch the flaw. Doing that depends on which Linux distro the user has; such is the broad surface of this bug.

Tip of the day: Did you know that you can assign keyboard shortcuts for starting applications quickly in and ? This is a great way to have your most used programs always at your fingertips. In our we show you how to set those hotkeys for your favorite apps.

SourceQualys
Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News