Major Linux PolicyKit security vulnerability uncovered: Pwnkit

Something that needs to be brought up more are the Linux vulnerabilities. I’ll start bringing them up more since they are not discussed or allowed on the Telegram channel for some reason:

A serious memory corruption vulnerability in polkit (formerly PolicyKit) has finally been discovered after 12+ years. This program is found in essentially all modern Linux distributions.

2 Likes

Hey @Autonomous_Collectiv and welcome to the forums!
This article was discussed briefly on the Telegram channel, as I did some research and posted a response there as well. In order for that vulnerability to work, the following two parameters need to hold at the same time:

  1. The distro must be utilizing the PolKit utility (many distros are shipped with it, but not all utilize it)
  2. The hacker must have physical access to your system, or at least access via SSH, and must have obtained the user’s password

What this issue does is to grant elevated privileges to users who are not part of the sudo or wheel (for RedHat distros) groups. Therefore, even if PolKit is used, the moment the user password is a strong one, it is extremely unlikely anyone will be able to break through.

A good guide on passwords is this video:

Therefore, this issue is something that can mainly affect servers, in the case the SSH login is too simple. Other than a strong password, a good practice would be to move the SSH port to a number in the thousands rather than the default port 22.

At this point in time, this vulnerability has been addressed.

3 Likes
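The precondition described above (a local or SSH-authenticated user on a box that actually uses polkit) comes down to whether the `pkexec` helper is installed as a setuid-root binary, since that is the path through which the flaw hands out root. The following script is an added example written for this thread, not code from the original post or from the polkit project; it only reports the state of the file and does not exploit anything. `PKEXEC_PATH` defaulting to `/usr/bin/pkexec` is an assumption, as distros differ.

```shell
#!/bin/sh
# Added example (not from the forum thread or the polkit project).
# Reports whether pkexec on this host is installed setuid root, which is the
# precondition for the PwnKit local privilege escalation being reachable at all.
# A "setuid-root" result does NOT mean the host is vulnerable: a patched polkit
# keeps the bit. It means you must confirm the package has been updated.
# PKEXEC_PATH is an assumption; override it for your distribution.
PKEXEC_PATH="${PKEXEC_PATH:-/usr/bin/pkexec}"

# Return 0 if the file at $1 carries the setuid bit, 1 otherwise (POSIX test -u).
has_setuid_bit() {
  [ -u "$1" ]
}

# Print the owning user name of $1. ls -ld is POSIX, unlike stat(1).
owner_of() {
  ls -ld "$1" | awk '{ print $3 }'
}

# Classify a path as one of: missing, setuid-root, setuid-nonroot, not-setuid.
# Returns 1 only for "missing", 0 for every other classification.
classify_pkexec() {
  path="$1"
  if [ ! -e "$path" ]; then
    echo "missing"
    return 1
  fi
  if has_setuid_bit "$path"; then
    if [ "$(owner_of "$path")" = "root" ]; then
      echo "setuid-root"
    else
      echo "setuid-nonroot"
    fi
  else
    echo "not-setuid"
  fi
}

# Stand-alone use: describe the real pkexec on this host and what to do next.
result=$(classify_pkexec "$PKEXEC_PATH") || true
case "$result" in
  setuid-root)
    echo "$PKEXEC_PATH is setuid root: PwnKit is reachable by local users unless polkit is patched; verify the package version." ;;
  not-setuid|setuid-nonroot)
    echo "$PKEXEC_PATH is not setuid root ($result): the local escalation path is closed on this host." ;;
  missing)
    echo "$PKEXEC_PATH not found: polkit/pkexec is not installed here." ;;
esac
```

Run it as any unprivileged user; it reads only file metadata. The point of the check is the one made in the post above: polkit being shipped is not the same as the flaw being exposed, and the file's mode tells you which case you are in.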

Here’s a video pertaining to the same thing. This guy is real sharp.

2 Likes

Thanks for bringing this to our attention. My understanding is that patches to this vulnerability were made available within days of its discovery and this is no longer an issue if you’ve updated your system.

If I might make a humble suggestion, while it is good for us all to learn about new security vulnerabilities, it would help if links were provided to the original source article or report for that vulnerability. This way, we can get details about it and a better understanding as to what we may need to do in order to secure our systems while we await related security patches. If you’re a security expert or enthusiast, perhaps you wouldn’t also mind breaking down the technical aspects of the vulnerability that you’re reporting, for the rest of us who might not be as technically astute. 🙂 If I hadn’t read @vasileios’s explanation this would have had me a bit worried at first glance.

The ZDNet article is typical of mainstream media fear mongering and hype. It provides information of no value, does an inadequate job of explaining the vulnerability and tells us nothing that would help us to mitigate against it. Compare their article to the source article linked below, which explains what the vulnerability is in detail. It appears that perhaps we’ve been the victim of sloppy coding. Memory-related vulnerabilities are the most common vulnerabilities in C (and in C++, Java, Python, JavaScript, and many other languages). One recent incident that comes to mind is the Log4j vulnerability, which caused havoc the world over.

2 Likes