Pkexec Exploit Gives Attackers Root on Major Linux Distros

  • Thread starter: jim mcnamara
  • Tags: Linux
AI Thread Summary
The pkexec vulnerability, identified as CVE-2021-4034, allows attackers to gain root access on major Linux distributions, having remained unaddressed for 12 years. Both the Linux kernel and pkexec maintainers are currently developing patches to resolve this critical issue. Michael Kerrisk, who previously raised concerns about this vulnerability in 2008, highlights the urgency for a fix following its recent exploit demonstration. Users can temporarily mitigate the risk by removing the setuid bit from the pkexec executable. The situation remains concerning, particularly for systems like WSL Ubuntu, which still exhibit the vulnerability.
PeterDonis said:
It looks like both the Linux kernel and the pkexec maintainers have patches in the works:

https://lore.kernel.org/lkml/20220126043947.10058-1-ariadne@dereferenced.org/T/

It looks like a proud "I told you so" moment for Michael Kerrisk:
https://lore.kernel.org/lkml/20220126043947.10058-1-ariadne@dereferenced.org/T/ said:
Interestingly, Michael Kerrisk opened an issue about this in 2008,
but there was no consensus to support fixing this issue then.
Hopefully now that CVE-2021-4034 shows practical exploitative use
of this bug in a shellcode, we can reconsider.
 
My Linux boxes are offline for a while - but WSL Ubuntu shows the problem. That does not bode well for a fix... in the next month.
 
jim mcnamara said:
WSL Ubuntu shows the problem.
You can "fix" it at least for the time being by removing the setuid bit from the pkexec executable.
 
Likes jim mcnamara
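
The workaround described in the reply above, as an added example that is not part of the original thread: a POSIX shell script that reports whether pkexec carries the setuid bit and, when run as root with `fix`, removes it. The `/usr/bin/pkexec` fallback path and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check for, and optionally remove, the setuid bit on pkexec.
# Assumption: pkexec is on PATH or at /usr/bin/pkexec (a typical location,
# not stated in the thread).

# Print the path of pkexec, falling back to the assumed default location.
find_pkexec() {
    command -v pkexec 2>/dev/null || echo /usr/bin/pkexec
}

# Succeed only if $1 is a regular file with the setuid bit set.
has_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Clear the setuid bit on $1 and print one of:
#   absent | already-clear | stripped | failed
strip_setuid() {
    f=$1
    if [ ! -e "$f" ]; then echo absent; return 0; fi
    if ! has_setuid "$f"; then echo already-clear; return 0; fi
    if chmod u-s "$f" 2>/dev/null && ! has_setuid "$f"; then
        echo stripped; return 0
    fi
    echo failed   # typically: not running as root
    return 1
}

# Act only on an explicit mode so sourcing or testing changes nothing.
case "${1:-}" in
    check)
        p=$(find_pkexec)
        if has_setuid "$p"; then echo "$p: setuid bit set"
        else echo "$p: setuid bit not set (or file absent)"; fi ;;
    fix)
        p=$(find_pkexec)
        echo "$p: $(strip_setuid "$p")" ;;
esac
```

With the bit removed, pkexec can no longer elevate for unprivileged users, and a package update may restore the bit, so run `check` again after upgrading.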