FREE Root Shells on Linux Servers Thanks to polkitd Vulnerability

Jan 26, 2022 @ 9:49 am

alma, centos, debian, hacking, linux, pwnkit, redhat, Security, ubuntu, vulnerability

Tux Target A new vulnerability that affects many Linux systems has been revealed: Pwnkit. This attack uses a vulnerability in polkitd to allow any user to escalate his privileges to root. There are patches for major Linux systems: see the LowEndTalk thread. Thanks to @FoxelVox for posting this on LET.

It’s important to note that the vulnerability can only be used by users logged into the system. You can’t launch this attack on just any Linux box you ping on the network.

I tested on my Debian 11 systems. I find that none of my remote VMs are running polkitd, which is a user privilege management tool (previously called PolicyKit), however all of my home systems are. On my VMs, without polkitd running, the attack compiles but doesn’t work. However, it works just fine where polkitd is running.

Patch your systems ASAP!

"OMG! I Never Knew That!": The Simply Linux Tip That Has Got Me More Thanks Than Anything I've Ever ...

Have You Missed Any of these LowEndBoxTV Videos?

Need a Laugh? Read the Linux Kernel List's Foam-Mouthed Responses to Russian Programmers Banned from...

LowEndBoxTV: Ubuntu 24: Hot Rod Ferrari Speed Freak, Crippled Dump Truck, or Somewhere in Between?

LowEndBoxTV: Free Power Toys for Your Linux Server!

Nontechnical Nonsense: Rust Stirs Up a Storm of Drama in the Linux Kernel: Ted T'so Shouting, Mainta...

Author
Recent Posts

raindog308

Dread Lord of LowEnd Content at LowEndBox

I'm raindog308, techno polymath and long-time LowEndTalk community Administrator. My technical interests include all things Unix, perl, python, golang, shell scripting, vintage operating systems such as MVS, and relational database systems such as Oracle, PostgreSQL, and MySQL.

I also enjoy using LEBs! I have an empire of little guys for VPNs, larger guys for apps, and big guys for databases and storage. When I'm not in front a screen I'm into German Shepherd dogs, quality knives, target shooting, theology, tabletop roleplaying games, and forest hiking.

I enjoy writing technical articles here on LowEndBox to help people get more out of their systems. You can find me on LowEndTalk @raindog308

2 Comments

Jon Cooper:
Dear Dreadlord. Is this still a problem if I (to my knowledge) only have one user (root) i.e. me?! Web requests come in from the www-data user, though. Thank you. Jon.C.
January 26, 2022 @ 10:16 am | Reply
- raindog308:
  No they must have a shell…unless they can trick your php app into executing something on the server…
  January 28, 2022 @ 9:53 am | Reply