Every major Linux distribution has an easily exploited memory-corruption bug that’s been lurking for 12 years – a stunning revelation that’s likely to be followed soon by in-the-wild exploits, researchers warn.
Successful exploitation gives any unprivileged user full root access. The vulnerability – tracked as CVE-2021-4034, with a CVSS criticality score of 7.8 – is found in Polkit’s pkexec function. Polkit (formerly PolicyKit) provides an organized way for non-privileged processes to communicate with privileged processes, Qualys explained. It can also be used to execute commands with elevated privileges: the user runs the command pkexec, followed by the command intended to be executed (with root permission).
Qualys researchers, who discovered the long-dormant powder keg and named it PwnKit, said in a Tuesday report that they developed a proof-of-concept (PoC) exploit and obtained full root privileges on default installations of CentOS, Debian, Fedora and Ubuntu.