Pkexec Exploit Gives Attackers Root on Major Linux Distros

  • Thread starter Thread starter jim mcnamara
  • Start date Start date
  • Tags Tags
    Linux
AI Thread Summary
The pkexec vulnerability, identified as CVE-2021-4034, allows attackers to gain root access on major Linux distributions, having remained unaddressed for 12 years. Both the Linux kernel and pkexec maintainers are currently developing patches to resolve this critical issue. Michael Kerrisk, who previously raised concerns about this vulnerability in 2008, highlights the urgency for a fix following its recent exploit demonstration. Users can temporarily mitigate the risk by removing the setuid bit from the pkexec executable. The situation remains concerning, particularly for systems like WSL Ubuntu, which still exhibit the vulnerability.
Technology news on Phys.org
PeterDonis said:
It looks like both the Linux kernel and the pkexec maintainers have patches in the works:

https://lore.kernel.org/lkml/20220126043947.10058-1-ariadne@dereferenced.org/T/

It looks like a proud "I told you so" moment for Michael Kerrisk:
https://lore.kernel.org/lkml/20220126043947.10058-1-ariadne@dereferenced.org/T/ said:
Interestingly, Michael Kerrisk opened an issue about this in 2008,
but there was no consensus to support fixing this issue then.
Hopefully now that CVE-2021-4034 shows practical exploitative use
of this bug in a shellcode, we can reconsider.
 
My linux boxes are offline for a while - but WSL Ubuntu shows the problem. That does not bode well for a fix... in the next month.
 
jim mcnamara said:
WSL Ubuntu shows the problem.
You can "fix" it at least for the time being by removing the setuid bit from the pkexec executable.
 
Reply
  • Like
Likes jim mcnamara

Thread 'Learning Assembly and computer architecture for x86'

Dear Peeps I have posted a few questions about programing on this sectio of the PF forum. I want to ask you veterans how you folks learn program in assembly and about computer architecture for the x86 family. In addition to finish learning C, I am also reading the book From bits to Gates to C and Beyond. In the book, it uses the mini LC3 assembly language. I also have books on assembly programming and computer architecture. The few famous ones i have are Computer Organization and...
View full post »

Thread 'Failure to be able to activate Arduino Mega 2650'

hi; i purchased 3 of these, AZDelivery 3 x AZ-MEGA2560-Board Bundle with Prototype Shield and each is reporting the error message below. I have triple checked every aspect of the set up and all seems in order, cable devices port, board reburn bootloader et al . I have substituted an arduino uno and it works fine; could you help please Thanks Martyn 'avrdude: ser_open(): can't set com-state for "\\.\COM3"avrdude: ser_drain(): read error: The handle is invalid.avrdude: ser_send(): write...
View full post »

Similar threads

IPhone zero-click Wi-Fi exploit: One of the most breathtaking hacks
Replies
3
Views
1K
Requesting suggestions for languages, libraries, and architectures for parallel (and sometimes non parallel) numerical and scientific computations
Replies
8
Views
4K
Plagiarism & ChatGPT: Is Cheating with AI the New Normal?
Replies
39
Views
9K
A novel compound epicyclic gear system I can't seem to understand
Replies
1
Views
1K
Exploring the Frontiers of Physics: An Amateur Scientist's Journey
Replies
1
Views
1K
RIP Edwin F Taylor (1931-2025)
Replies
3
Views
611
Current and Future AI Threats to Humanity and the Human Response
Replies
10
Views
4K
Writing: Input Wanted Can a Gamma-Ray Burst Affect Communication Devices?
Replies
6
Views
3K
BRS: PKI Cryptosystems for SA/Ms: A Tutorial
Replies
13
Views
3K
Too Much Stellar Flux: Fixing a 25-year old Problem
Replies
9
Views
3K

Hot Threads

Recent Insights

Back
Top