This easily exploitable bug affects all Linux distros

By Scott Marlette Last updated Jan 26, 2022

Cybersecurity researchers from Qualys have found an “extremely severe” vulnerability in Linux, which affects every major distro for the operating system (OS).

The vulnerability, “hiding in plain sight” for more than 12 years, is a memory corruption in polkit’s pkexec.

As explained by the researchers, it’s an SUID-root program, installed by default. Malicious actors could exploit the bug to gain full root privileges on the target machine, and then do as they please – even install malware or ransomware.

Polkit flaw

The vulnerability has existed for almost a decade, according to a blog post by Bharat Jogi, Director, Vulnerability and Threat Research, Qualys.

Jogi explains Polkit as a component that controls system-wide privileges in Unix-like operating systems, and as such, provides an organized way for non-privileged processes to communicate with privileged ones.

“If our PATH is “PATH=name=.”, and if the directory “name=.” exists and contains an executable file named “value”, then a pointer to the string “name=./value” is written out-of-bounds to envp[0],” the blog noted.

Polkit can also be used to execute commands with elevated privileges, by using the command pkexec, followed by whatever command needs to be executed (with root permission).

Easily exploitable bug

The researchers are saying the flaw is easily exploitable, and has been tested as working on Ubuntu, Debian, Fedora, and CentOS. Other Linux distros are “likely vulnerable and probably exploitable”, the report states.

To mitigate the problem, Qualys suggests users patch up their systems immediately, by searching the vulnerability knowledgebase for CVE-2021-4034, to identify all the QIDs, and vulnerable assets. Patches are already out for both Ubuntu and Red Hat.

For those whose systems cannot be immediately patched, ZDNet’s Steven Vaughan-Nichols suggests removing the SUID-bit from pkexec as temporary mitigation.

According to Vaughan-Nichols, this root-powered shell command will stop attacks:

# chmod 0755 /usr/bin/pkexec

Linux is no stranger to decades-old vulnerabilities. A year ago, Qualys discovered a privilege escalation vulnerability in one of the core utilities present in all Unix-like operating systems including Linux. If exploited, the heap overflow vulnerability in the Sudo utility could allow any unprivileged user to gain root privileges.

For all the latest Technology News Click Here

For the latest news and updates, follow us on Google News.

Read original article here

Denial of responsibility! TechNewsBoy.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.