A bug lurking for 12 years gives attackers root on every major Linux distro

26/01/2022

Linux users on Tuesday got a major dose of bad news—a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running any major distribution of the open source operating system.

Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes. It provides a mechanism for nonprivileged processes to safely interact with privileged processes. It also allows users to execute commands with high privileges by using a component called pkexec, followed by the command.

Trivial to exploit and 100 percent reliable

Like most OSes, Linux provides a hierarchy of permission levels that controls when and what apps or users can interact with sensitive system resources. The design is intended to limit the damage that can happen if the app is hacked or malicious or if a user isn’t trusted to have administrative control of a network.

Since 2009, pkexec has contained a memory-corruption vulnerability that people with limited control of a vulnerable machine can exploit to escalate privileges all the way to root. Exploiting the flaw is trivial and, by some accounts, 100 percent reliable. Attackers who already have a toehold on a vulnerable machine can abuse the vulnerability to ensure a malicious payload or command runs with the highest system rights available. PwnKit, as researchers are calling the vulnerability, is also exploitable even if the Polkit daemon itself isn’t running.

PwnKit was discovered by researchers from security firm Qualys in November and was disclosed on Tuesday after being patched in most Linux distributions.

In an email, Qualys Director of Vulnerability Threat Research Bharat Jogi wrote:

The most likely attack scenario is from an internal threat where a malicious user can escalate from no privileges whatsoever to full root privileges. From an external threat perspective, if an attacker has been able to gain foothold on a system via another vulnerability or a password breach, that attacker can then escalate to full root privileges through this vulnerability.

Jogi said exploits require local authenticated access to the vulnerable machine and that the flaw isn’t exploitable remotely without such authentication. Here’s a video of the exploit in action.

[Video: PwnKit Vulnerability]

For now, Qualys isn’t releasing proof-of-concept exploit code out of concern the code will prove more of a boon to black hats than to defenders. Researchers said that it’s only a matter of time until PwnKit is exploited in the wild.

“We expect that the exploit will become public soon and that attackers will start exploiting it—this is especially dangerous for any multi-user system that allows shell access to users,” Bojan Zdrnja, a penetration tester and a handler at SANS, wrote. The researcher said he successfully recreated an exploit that worked on a machine running Ubuntu 20.04.

Major Linux distributors have released patches for the vulnerability, and security professionals are strongly urging administrators to prioritize installing the patch. Those who can’t patch immediately should perform the following mitigation: remove the read/write rights of pkexec with the chmod 0755 /usr/bin/pkexec command.

Those who want to know if the vulnerability has been exploited on their systems can check for log entries that say either “The value for the SHELL variable was not found the /etc/shells file” or “The value for environment variable […] contains suspicious content.” Qualys, however, cautioned people that PwnKit is also exploitable without leaving any traces.
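
The mitigation and the log check described above, combined into one POSIX shell triage script; this is an added example, not code from the article or from Qualys. pkexec is installed setuid-root and numeric mode 0755 carries no setuid bit, so the script confirms that bit is gone after the chmod before it scans a log for the two quoted messages. The function names, the empty scratch file standing in for /usr/bin/pkexec and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: PwnKit triage for one host. All sample data is constructed.

# The two pkexec messages quoted in the article; "sus[a-z]*" tolerates
# spelling variants of that word in the string actually logged.
PWNKIT_LOG_RE='The value for the SHELL variable was not found|The value for environment variable .* contains sus[a-z]* content'

# suid_state FILE -> prints "missing", "setuid" or "no-setuid".
suid_state() {
    if [ ! -e "$1" ]; then echo missing
    elif [ -u "$1" ]; then echo setuid
    else echo no-setuid
    fi
}

# apply_mitigation FILE: run the article's chmod 0755 (rwxr-xr-x, no special
# bits), then confirm the setuid bit is really gone.
apply_mitigation() {
    chmod 0755 "$1" && [ "$(suid_state "$1")" = no-setuid ]
}

# scan_log FILE -> prints the matching lines for an analyst to review.
scan_log() { grep -E "$PWNKIT_LOG_RE" "$1"; }

# count_hits FILE -> number of matching lines ("0" when there are none).
# Zero hits does not prove a clean host: the article notes trace-free abuse.
count_hits() { grep -cE "$PWNKIT_LOG_RE" "$1" || true; }

# write_sample_log FILE: constructed syslog-style lines, not real captures.
write_sample_log() {
    cat > "$1" <<'EOF'
Jan 26 09:14:02 host1 sshd[811]: Accepted publickey for alice from 192.0.2.10
Jan 26 09:15:40 host1 pkexec[902]: alice: The value for the SHELL variable was not found the /etc/shells file
Jan 26 09:15:41 host1 pkexec[903]: alice: The value for environment variable EXAMPLE_VAR contains suspicious content
Jan 26 09:20:00 host1 CRON[950]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# Demo on an empty scratch file standing in for /usr/bin/pkexec.
demo_dir=$(mktemp -d)
: > "$demo_dir/fake-pkexec"
chmod 4755 "$demo_dir/fake-pkexec"
echo "before: $(suid_state "$demo_dir/fake-pkexec")"
apply_mitigation "$demo_dir/fake-pkexec"
echo "after:  $(suid_state "$demo_dir/fake-pkexec")"
write_sample_log "$demo_dir/auth.log"
echo "log lines to review: $(count_hits "$demo_dir/auth.log")"
rm -rf "$demo_dir"
```

On a real host, call the functions with /usr/bin/pkexec and the distribution's authentication log (for example /var/log/auth.log on Debian and Ubuntu, /var/log/secure on Red Hat derivatives).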
