12-Year-Old Flaw Grants Full Rights in All GNU/Linux Distributions

Qualys security researchers have found a critical flaw (CVE-2021-4034) that affects all GNU/Linux distributions and allows any user to gain “root” privileges, that is, total control of the system.

This flaw is found in the “Polkit” software package. Installed by default in all Linux distributions, it allows you to temporarily assign administrator rights to non-privileged processes. Thanks to the “pkexec” command, it also allows a user to execute commands with administrator rights, which is very convenient.

Unfortunately, the “pkexec” code contains a bug in the handling of pointers, some of which end up referencing areas of memory that they shouldn’t. By exploiting this flaw, it is possible to obtain administrator privileges almost instantly, as shown in a video produced by Qualys.

Called “PwnKit”, this flaw is frankly banal, and it only took a few hours after the publication of the Qualys blog post for the first exploit code to appear publicly.

It is surprising that this error was not corrected earlier, given the rather critical role of Polkit and its very wide distribution. Computer scientist Ryan Mallon had already identified it in 2013 and described it in detail in a blog post. He even says he sent a patch to the authors of the software, but nothing happened. It is likely that this information did not go unnoticed in hacker circles.

Ubuntu and Red Hat distributions have already released a patch for supported versions of their operating system. The others should do so soon.
In the meantime, it is possible to eliminate the risk by modifying the permissions of the “pkexec” executable with the chmod command. Note, finally, that this flaw cannot be exploited remotely. You must already be logged into the system to do so.
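
The temporary chmod mitigation described above, as an added example (not code from Qualys or from the original article): a script that reports whether pkexec still carries the setuid bit and clears it on request. The path /usr/bin/pkexec, the PKEXEC_PATH variable, the --apply switch and the use of GNU `stat` are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit and temporarily mitigate the setuid bit on pkexec.
# Assumptions: pkexec lives at /usr/bin/pkexec (override with PKEXEC_PATH)
# and GNU coreutils `stat` is available.

# pkexec_status FILE -> prints "missing", "setuid" or "no-setuid"
pkexec_status() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ -u "$1" ]; then          # -u: file exists and has the setuid bit
        echo setuid
    else
        echo no-setuid
    fi
}

# mitigate_pkexec FILE -> clears the setuid bit if it is set.
# Side effect: without setuid, pkexec can no longer elevate privileges for
# anyone, so this is a stopgap until the patched polkit package is installed.
mitigate_pkexec() {
    target=$1
    case $(pkexec_status "$target") in
        missing)
            echo "$target: not present, nothing to do"
            return 0 ;;
        no-setuid)
            echo "$target: setuid already cleared (mode $(stat -c %a "$target"))"
            return 0 ;;
    esac
    echo "$target: setuid set (mode $(stat -c %a "$target")), clearing it"
    chmod u-s "$target" || return 1
    # Verify the change took effect rather than trusting chmod's exit code.
    [ "$(pkexec_status "$target")" = no-setuid ]
}

# Default run only reports; pass --apply (as root) to change permissions.
PKEXEC_PATH=${PKEXEC_PATH:-/usr/bin/pkexec}
if [ "${1:-}" = "--apply" ]; then
    mitigate_pkexec "$PKEXEC_PATH"
else
    echo "$PKEXEC_PATH: $(pkexec_status "$PKEXEC_PATH")"
fi
```

Once the distribution's patched package is installed, the package manager normally restores the original permissions on the binary.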

Source: Qualys



1nc1