Linux administrators are being urged to check for security updates after the discovery of a memory corruption vulnerability that has been around for over a decade.
According to researchers at Qualys, the problem is inside Polkit (formerly PolicyKit), a component for controlling system-wide privileges in Unix-like operating systems. Inside polkit is pkexec, a vulnerable SUID-root program that is installed by default on every major Linux distribution. Qualys dubs it the Pwnkit vulnerability.
“This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration,” the company said in a posting this week.
Qualys said it has been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu, Debian, Fedora, and CentOS. Other Linux distributions are likely vulnerable and probably exploitable.
“This vulnerability has been hiding in plain sight for 12+ years and affects all versions of pkexec since its first version in May 2009 (commit c8c3d83, “Add a pkexec(1) command”),” the report says.
Red Hat was notified in November about the problem and has issued an advisory with mitigation instructions. An advisory and a patch were sent on January 11th to the OpenWall Project, whose patches and security extensions are included in many major Linux distributions.
Given the breadth of the attack surface for this vulnerability across both Linux and non-Linux OSes, Qualys recommends that users apply patches for this vulnerability immediately.
