A new vulnerability that affects many Linux systems has been revealed: Pwnkit. This attack uses a vulnerability in polkitd to allow any user to escalate his privileges to root. There are patches for major Linux systems: see the LowEndTalk thread. Thanks to @FoxelVox for posting this on LET.
It’s important to note that the vulnerability can only be used by users logged into the system. You can’t launch this attack on just any Linux box you ping on the network.
I tested on my Debian 11 systems. I find that none of my remote VMs are running polkitd, which is a user privilege management tool (previously called PolicyKit), however all of my home systems are. On my VMs, without polkitd running, the attack compiles but doesn’t work. However, it works just fine where polkitd is running.
Patch your systems ASAP!
Related Posts:
I also enjoy using LEBs! I have an empire of little guys for VPNs, larger guys for apps, and big guys for databases and storage. When I'm not in front a screen I'm into German Shepherd dogs, quality knives, target shooting, theology, tabletop roleplaying games, and forest hiking.
I enjoy writing technical articles here on LowEndBox to help people get more out of their systems. You can find me on LowEndTalk @raindog308
- Little Creek: 1GB VPS in Durham, North Carolina for only $13.95/YEAR! - March 30, 2023
- CWVPS Offers Unmetered SSD/NVME Linux/Windows KVM VPS in US/EU Locations and New Data Backup Services! Save Big! - March 30, 2023
- Easter Deals by RackNerd! KVM VPS in New York, New Jersey, Atlanta, Chicago, Dallas, and Seattle from $10.78/Year! - March 29, 2023
Dear Dreadlord. Is this still a problem if I (to my knowledge) only have one user (root) i.e. me?! Web requests come in from the www-data user, though. Thank you. Jon.C.
No they must have a shell…unless they can trick your php app into executing something on the server…