PwnKit – Linux system service bug that gives root on all major distros, exploit released.
Discovered: 1/28/2022
Impacted Tech: All major Linux distributions
Attacker Location: Internal
Highlights:
An exploit for a vulnerability in Polkit’s pkexec component gives an attacker or any other unprivileged user root access on any system using the default configuration of Polkit. Polkit is part of the default configuration of all major Linux distributions.
Following the release of this vulnerability, an exploit that functioned as intended was quickly released to the public.
Remediation:
The author of Polkit released a patch on their GitLab and urged administrators to install the necessary updates to protect their networks. Additional Linux distributions such as Ubuntu and Red Hat have released updates addressing the vulnerability as well.
There is a temporary mitigation for those who have not yet updated affected operating systems.
The following command removes the SUID bit from pkexec, stripping its privileges to prevent this exploit from working:
chmod 0755 /usr/bin/pkexec
To check for any signs of this exploit in your environment, you can check the logs for the following entries:
“The value for the SHELL variable was not found the /etc/shells file”
or
“The value for environment variable […] contains suspicious content.”
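The two checks above (mitigation state and log indicators) can be scripted. This is an added example, not part of the original advisory; the function names, the sample log lines and the log file paths mentioned in the comments are assumptions.

```shell
#!/bin/sh
# Added example: helper functions for the mitigation and log checks in this advisory.

# Succeeds if the binary still carries the setuid bit, i.e. the
# "chmod 0755" mitigation has not been applied to it.
pkexec_is_setuid() {
    [ -u "${1:-/usr/bin/pkexec}" ]
}

# Prints every line matching one of the two log indicators.
# "[...]" in the advisory stands for a variable name, so it is matched as a
# single token; the adjective is matched loosely (assumption) so a spelling
# variation in the logged word does not cause a miss.
# With no file arguments the function reads standard input.
pwnkit_log_hits() {
    grep -hE \
        -e 'The value for the SHELL variable was not found the /etc/shells file' \
        -e 'The value for environment variable [^ ]+ contains sus[a-z]+ content' \
        "$@" 2>/dev/null
}

# Constructed sample log lines (not taken from a real system).
sample_log() {
    cat <<'EOF'
Jan 28 10:14:55 host1 sshd[811]: Accepted publickey for alice from 192.0.2.10
Jan 28 10:15:02 host1 pkexec[1502]: alice: The value for the SHELL variable was not found the /etc/shells file [USER=root]
Jan 28 10:15:09 host1 pkexec[1517]: alice: The value for environment variable XAUTHORITY contains suspicious content [USER=root]
Jan 28 10:16:40 host1 pkexec[1533]: alice: Executing command [USER=root] [COMMAND=/usr/bin/id]
EOF
}

# Demo on the constructed sample; on a real host pass log files instead,
# e.g. /var/log/auth.log or /var/log/secure (paths are assumptions).
if pkexec_is_setuid; then
    echo "pkexec is setuid: patch it or apply the chmod mitigation"
fi
sample_log | pwnkit_log_hits || echo "no indicators found"
```

A hit in the logs only shows that pkexec rejected a suspicious environment; it warrants a closer look at the account and host involved.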