Pkexec Exploit Gives Attackers Root on Major Linux Distros

  • Thread starter: jim mcnamara
  • Tags: Linux
Summary:
The pkexec vulnerability, identified as CVE-2021-4034, allows attackers to gain root access on major Linux distributions and had gone unaddressed for 12 years. Both the Linux kernel and pkexec maintainers are currently developing patches to resolve this critical issue. Michael Kerrisk, who previously raised concerns about this vulnerability in 2008, highlights the urgency for a fix following its recent exploit demonstration. Users can temporarily mitigate the risk by removing the setuid bit from the pkexec executable. The situation remains concerning, particularly for systems like WSL Ubuntu, which still exhibit the vulnerability.
Technology news on Phys.org
PeterDonis said:
It looks like both the Linux kernel and the pkexec maintainers have patches in the works:

https://lore.kernel.org/lkml/20220126043947.10058-1-ariadne@dereferenced.org/T/

It looks like a proud "I told you so" moment for Michael Kerrisk:
https://lore.kernel.org/lkml/20220126043947.10058-1-ariadne@dereferenced.org/T/ said:
Interestingly, Michael Kerrisk opened an issue about this in 2008,
but there was no consensus to support fixing this issue then.
Hopefully now that CVE-2021-4034 shows practical exploitative use
of this bug in a shellcode, we can reconsider.

My Linux boxes are offline for a while - but WSL Ubuntu shows the problem. That does not bode well for a fix... in the next month.

jim mcnamara said:
WSL Ubuntu shows the problem.
You can "fix" it at least for the time being by removing the setuid bit from the pkexec executable.
 
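As an added example (not code from the thread or from polkit), a small POSIX shell check for the condition PeterDonis's workaround targets: whether the pkexec binary still carries the setuid bit. It only reports and prints the interim chmod; the function names and the fallback path /usr/bin/pkexec are my own assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: report whether pkexec still carries
# the setuid bit (the precondition CVE-2021-4034 relies on) and print the
# interim mitigation described above. Nothing is changed unless you run the chmod.

# Return 0 if $1 is setuid, 1 if it exists but is not setuid, 2 if it is missing.
is_setuid() {
    [ -e "$1" ] || return 2
    [ -u "$1" ]
}

# Report on one binary (default: pkexec on PATH, else the assumed /usr/bin/pkexec).
# Returns 1 when the setuid bit is present, so the check can gate a cron or CI job.
check_pkexec() {
    path="${1:-$(command -v pkexec 2>/dev/null || echo /usr/bin/pkexec)}"
    if is_setuid "$path"; then
        echo "SETUID: $path $(ls -ld "$path" | cut -c1-10)"
        echo "interim mitigation until the patched polkit package lands:"
        echo "  sudo chmod 0755 $path"
        return 1
    elif [ -e "$path" ]; then
        echo "OK: $path is not setuid"
    else
        echo "NOT FOUND: $path (pkexec not installed)"
    fi
    return 0
}
```

Source the file and call `check_pkexec` (optionally with a path) on each host; note that clearing the bit also stops pkexec from performing its legitimate polkit-authorised privilege escalation until the patched package restores it.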