Pkexec Exploit Gives Attackers Root on Major Linux Distros

  • Thread starter: jim mcnamara
  • Tags: Linux
AI Thread Summary
The pkexec vulnerability, identified as CVE-2021-4034, allows attackers to gain root access on major Linux distributions, having remained unaddressed for 12 years. Both the Linux kernel and pkexec maintainers are currently developing patches to resolve this critical issue. Michael Kerrisk, who previously raised concerns about this vulnerability in 2008, highlights the urgency for a fix following its recent exploit demonstration. Users can temporarily mitigate the risk by removing the setuid bit from the pkexec executable. The situation remains concerning, particularly for systems like WSL Ubuntu, which still exhibit the vulnerability.
PeterDonis said:
It looks like both the Linux kernel and the pkexec maintainers have patches in the works:

https://lore.kernel.org/lkml/20220126043947.10058-1-ariadne@dereferenced.org/T/

It looks like a proud "I told you so" moment for Michael Kerrisk:
https://lore.kernel.org/lkml/20220126043947.10058-1-ariadne@dereferenced.org/T/ said:
Interestingly, Michael Kerrisk opened an issue about this in 2008,
but there was no consensus to support fixing this issue then.
Hopefully now that CVE-2021-4034 shows practical exploitative use
of this bug in a shellcode, we can reconsider.
 
My Linux boxes are offline for a while - but WSL Ubuntu shows the problem. That does not bode well for a fix... in the next month.
 
jim mcnamara said:
WSL Ubuntu shows the problem.
You can "fix" it at least for the time being by removing the setuid bit from the pkexec executable.
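
The workaround from the post above, as an added example (not code from the thread or from the polkit project): a small shell script that strips only the setuid bit from the paths it is given and verifies the result. The function names are made up for this example, and the pkexec path in the usage comment is an assumption; confirm it with `command -v pkexec`.

```shell
#!/bin/sh
# Usage (as root): sh strip-setuid.sh /usr/bin/pkexec
# The path above is an assumption; check it with: command -v pkexec

# has_setuid PATH: succeeds if PATH is a regular file with the setuid bit set.
has_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# strip_setuid PATH: clear only the setuid bit and leave the other mode bits
# untouched. Returns 0 if PATH ends up without setuid (or does not exist),
# 1 if the bit could not be removed.
strip_setuid() {
    target=$1
    if [ ! -e "$target" ]; then
        echo "absent: $target"
        return 0
    fi
    if ! has_setuid "$target"; then
        echo "ok (no setuid bit): $target"
        return 0
    fi
    chmod u-s "$target" || return 1
    # Verify instead of trusting chmod's exit status alone.
    if has_setuid "$target"; then
        return 1
    fi
    echo "setuid bit removed: $target"
    return 0
}

# Process every path given on the command line; with no arguments, do nothing.
for p in "$@"; do
    strip_setuid "$p" || echo "FAILED to remove setuid bit: $p" >&2
done
```

With the bit cleared, pkexec no longer runs with root privileges for unprivileged users, so anything that depends on it stops working until a patched package is installed. Reinstalling or updating the package can restore the bit, so rerun the check after updates.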
 