PwnKit vulnerability exposed: All major Linux distributions affected

2022-07-25

Linux security researchers at Qualys have uncovered a vulnerability, named “PwnKit”, that is more than 12 years old and leaves all major Linux distributions vulnerable. The vulnerability, which allows local privilege escalation (LPE), has been assigned the identifier “CVE-2021-4034.” The researchers said that by exploiting the vulnerability they were able to obtain full root privileges on the default installations of some Linux distributions, such as Ubuntu, Debian, Fedora and CentOS, and that they believe other Linux distributions are also affected. This is because the defect is a memory corruption vulnerability in Polkit’s pkexec program, a SUID-root program installed on all major Linux distributions.

The vulnerability has been in pkexec since the beginning, and Qualys believes that every major Linux distribution has been targeted by hackers over the past 12 years. While the vulnerability cannot be exploited remotely, a hacker who gains access as an unprivileged user can use it to gain root privileges.
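A defensive check for the condition described above, added here as an example and not taken from Qualys or the polkit project: it reports whether any pkexec binary on a host is installed setuid-root. The function names and the list of searched directories are assumptions, and a Linux `stat` and `readlink` (GNU or BusyBox) are assumed.

```shell
#!/bin/sh
# Added example: report whether pkexec is installed setuid-root, the
# property of the binary that the article describes.

# suid_status FILE
# Prints one of: missing | setuid-root | setuid-other | no-setuid
suid_status() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    # -u is the POSIX test for the set-user-ID bit; it follows symlinks.
    if [ -u "$f" ]; then
        # -L follows symlinks so the owner checked is the real file's owner.
        owner=$(stat -L -c %u "$f") || return 1
        if [ "$owner" = 0 ]; then echo setuid-root; else echo setuid-other; fi
    else
        echo no-setuid
    fi
}

# find_pkexec
# Prints each distinct pkexec found on PATH or in common install
# directories (the directory list is an assumption), symlinks resolved.
find_pkexec() {
    {
        command -v pkexec 2>/dev/null || true
        for d in /usr/bin /bin /usr/local/bin /usr/sbin; do
            if [ -e "$d/pkexec" ]; then echo "$d/pkexec"; fi
        done
    } | while IFS= read -r p; do
        readlink -f "$p" || true
    done | sort -u
}

# audit_pkexec
# Prints one "path: status" line per pkexec binary found on this host.
audit_pkexec() {
    find_pkexec | while IFS= read -r p; do
        echo "$p: $(suid_status "$p")"
    done
}

audit_pkexec
```

A `setuid-root` result means only that the binary has the property the article describes; whether the installed build contains the defect has to be checked against the distribution's advisory for CVE-2021-4034.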