A new vulnerability that affects many Linux systems has been revealed: Pwnkit. This attack uses a vulnerability in polkitd to allow any user to escalate his privileges to root. There are patches for major Linux systems: see the LowEndTalk thread. Thanks to @FoxelVox for posting this on LET.
It’s important to note that the vulnerability can only be used by users logged into the system. You can’t launch this attack on just any Linux box you ping on the network.
I tested on my Debian 11 systems. I find that none of my remote VMs are running polkitd, which is a user privilege management tool (previously called PolicyKit), however all of my home systems are. On my VMs, without polkitd running, the attack compiles but doesn’t work. However, it works just fine where polkitd is running.
Patch your systems ASAP!
Related Posts:
How to Keep Your VPS Safe From Hackers in Less Than 10 Minutes
Five Times When Updating Your OS Would Have Saved You From Being Hacked
"OMG! I Never Knew That!": The Simply Linux Tip That Has Got Me More Thanks Than Anything I've Ever ...
Have You Missed Any of these LowEndBoxTV Videos?
Need a Laugh? Read the Linux Kernel List's Foam-Mouthed Responses to Russian Programmers Banned from...
LowEndBoxTV: Ubuntu 24: Hot Rod Ferrari Speed Freak, Crippled Dump Truck, or Somewhere in Between?
Raindog308 is a longtime LowEndTalk community administrator, technical writer, and self-described techno polymath. With deep roots in the *nix world, he has a passion for systems both modern and vintage, ranging from Unix, Perl, Python, and Golang to shell scripting and mainframe-era operating systems like MVS. He’s equally comfortable with relational database systems, having spent years working with Oracle, PostgreSQL, and MySQL.
As an avid user of LowEndBox providers, Raindog runs an empire of LEBs, from tiny boxes for VPNs, to mid-sized instances for application hosting, and heavyweight servers for data storage and complex databases. He brings both technical rigor and real-world experience to every piece he writes.
Beyond the command line, Raindog is a lover of German Shepherds, high-quality knives, target shooting, theology, tabletop RPGs, and hiking in deep, quiet forests.
His goal with every article is to help users, from beginners to seasoned sysadmins, get more value, performance, and enjoyment out of their infrastructure.
You can find him daily in the forums at LowEndTalk under the handle @raindog308.
Dear Dreadlord. Is this still a problem if I (to my knowledge) only have one user (root) i.e. me?! Web requests come in from the www-data user, though. Thank you. Jon.C.
No they must have a shell…unless they can trick your php app into executing something on the server…