Cybersecurity researchers from Qualys have found an “extremely severe” vulnerability in Linux (opens in new tab), which affects every major distro for the operating system (OS).
The vulnerability, “hiding in plain sight” for more than 12 years, is a memory corruption in polkit’s pkexec.
As explained by the researchers, it’s an SUID-root program, installed by default. Malicious actors could exploit the bug to gain full root privileges on the target machine, and then do as they please - even install malware (opens in new tab)or ransomware (opens in new tab).
The vulnerability has existed for almost a decade, according to a blog post (opens in new tab) by Bharat Jogi, Director, Vulnerability and Threat Research, Qualys.
Jogi explains Polkit as a component that controls system-wide privileges in Unix-like operating systems, and as such, provides an organized way for non-privileged processes to communicate with privileged ones.
"If our PATH is "PATH=name=.", and if the directory "name=." exists and contains an executable file named "value", then a pointer to the string "name=./value" is written out-of-bounds to envp,” the blog noted.
Polkit can also be used to execute commands with elevated privileges, by using the command pkexec, followed by whatever command needs to be executed (with root permission).
Easily exploitable bug
The researchers are saying the flaw is easily exploitable, and has been tested as working on Ubuntu, Debian, Fedora, and CentOS. Other Linux distros are “likely vulnerable and probably exploitable”, the report states.
To mitigate the problem, Qualys suggests users patch up their systems immediately, by searching the vulnerability knowledgebase for CVE-2021-4034, to identify all the QIDs, and vulnerable assets. Patches are already out for both Ubuntu and Red Hat.
> Ubuntu has a pretty serious security flaw, so patch now (opens in new tab)
> Google and Intel are worried about a new Linux vulnerability (opens in new tab)
> Decade-old vulnerability is still affecting most Linux distros (opens in new tab)
For those whose systems cannot be immediately patched, ZDNet’s (opens in new tab) Steven Vaughan-Nichols suggests removing the SUID-bit from pkexec as temporary mitigation.
According to Vaughan-Nichols, this root-powered shell command will stop attacks:
# chmod 0755 /usr/bin/pkexec
Linux is no stranger to decades-old vulnerabilities. A year ago, Qualys discovered a privilege escalation vulnerability in one of the core utilities present in all Unix-like operating systems including Linux. If exploited, the heap overflow vulnerability in the Sudo utility could allow any unprivileged user to gain root privileges.
- Here's our list of the best antivirus (opens in new tab) solutions right now