{"id":399829,"date":"2022-01-26T19:08:41","date_gmt":"2022-01-26T16:08:41","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/12-year-old-linux-vulnerability-grants-root-access\/"},"modified":"2022-01-26T19:08:41","modified_gmt":"2022-01-26T16:08:41","slug":"12-year-old-linux-vulnerability-grants-root-access","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/12-year-old-linux-vulnerability-grants-root-access\/","title":{"rendered":"#12-Year-Old Linux Vulnerability Grants Root Access"},"content":{"rendered":"

“#12-Year-Old Linux Vulnerability Grants Root Access”<\/strong><\/p>\n

\n
\n
\"Linux
fatmawati achmad zaenuri\/Shutterstock.com<\/a><\/span><\/figcaption><\/figure>\n

Sometimes, it can take a long time before a vulnerability is exploited. In the case of this Polkit (fka PolicyKit) issue, we\u2019re talking about a 12-year-old bug that\u2019s just been discovered and shown off in a proof of concept<\/a>.<\/p>\n

According to researchers at Qualys<\/a>, this Polkit vulnerability is in the default configuration of all major Linux distributions. It can be used to gain full root access to a system, which can open up a whole new world of problems.<\/p>\n

\u201cThe Qualys Research Team has discovered a memory corruption vulnerability in polkit\u2019s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration,\u201d said\u00a0Bharat Jogi, Director, Vulnerability and Threat Research, Qualys.<\/p>\n

The bug is called\u00a0CVE-2021-4034 or\u00a0PwnKit, and it\u2019s definitely something you want to watch out for if you\u2019re a Linux user. The issue isn\u2019t part of the Linux kernel itself, but part of the\u00a0Polkit software that\u2019s installed on almost every major distro.<\/p>\n

You can read all of the technical details about the exploit on Qualys website<\/a>\u00a0if you want to know more about how it works.<\/p>\n

Thankfully, several of the major Linux distros have already started rolling out updates to fix the exploit. Both Ubuntu<\/a> and\u00a0Debian 11<\/a> have received patches, and we expect others to follow in short order. Regardless of what Linux distro you use, make sure to run its update tool as soon as you can to make sure you have the latest version with the fix for this exploit.<\/p>\n<\/div>\n


\n\n<\/div>\n