LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

FREE Root Shells on Linux Servers Thanks to polkitd Vulnerability

Tags: , , , , , , , , , Date/Time: January 26, 2022 @ 9:49 am, by raindog308

Tux TargetA new vulnerability that affects many Linux systems has been revealed: Pwnkit. This attack uses a vulnerability in polkitd to allow any user to escalate his privileges to root.  There are patches for major Linux systems: see the LowEndTalk thread.  Thanks to @FoxelVox for posting this on LET.

It’s important to note that the vulnerability can only be used by users logged into the system.  You can’t launch this attack on just any Linux box you ping on the network.

I tested on my Debian 11 systems.  I find that none of my remote VMs are running polkitd, which is a user privilege management tool (previously called PolicyKit), however all of my home systems are.  On my VMs, without polkitd running, the attack compiles but doesn’t work.  However, it works just fine where polkitd is running.

Patch your systems ASAP!

2 Comments

  1. Jon Cooper:

    Dear Dreadlord. Is this still a problem if I (to my knowledge) only have one user (root) i.e. me?! Web requests come in from the www-data user, though. Thank you. Jon.C.

    January 26, 2022 @ 10:16 am | Reply
    • raindog308:

      No they must have a shell…unless they can trick your php app into executing something on the server…

      January 28, 2022 @ 9:53 am | Reply

Leave a Reply

Some notes on commenting on LowEndBox:

  • Do not use LowEndBox for support issues. Go to your hosting provider and issue a ticket there. Coming here saying "my VPS is down, what do I do?!" will only have your comments removed.
  • Akismet is used for spam detection. Some comments may be held temporarily for manual approval.
  • Use <pre>...</pre> to quote the output from your terminal/console, or consider using a pastebin service.

Your email address will not be published.