Security researchers from Qualys have just discovered a 12-year-old Linux vulnerability that has remained undetected until now. The bug, dubbed PwnKit, lets an attacker with an unprivileged user account gain full root privileges, thanks to a memory corruption vulnerability in polkit's pkexec, a SUID-root program installed on every major Linux distro.
According to the researchers, Polkit is a component for controlling privileges in Unix-like operating systems, including Linux distros. It allows unprivileged processes to communicate with privileged processes that are currently running. An administrator (or root) can also use Polkit to run commands with elevated privileges when necessary.
Still, the actions required to successfully take advantage of PwnKit are pretty complicated (you can read the full analysis here). "[Qualys has] been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu, Debian, Fedora, and CentOS," the security researchers explain. "Other Linux distributions are likely vulnerable and probably exploitable."
Thankfully this vulnerability was discovered by responsible security researchers and, as far as we know, hasn't been exploited in the wild just yet. However, the exploit could soon become public, allowing anyone to get their hands on this hack.
Fortunately, PwnKit patches have already been released for all major Linux distros, and they plug the exploit. It is therefore strongly recommended to install the patch if you are on one of the affected Linux distros. It should be as simple as ensuring your Linux operating system has all available updates applied.
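A defender-side check for the situation described above, as an added example that is not from Qualys or the original article: it reports whether the local pkexec binary is present and SUID-root, and which polkit package version is installed, so the result can be compared against your distribution's security advisory. The Debian/Ubuntu package names (`policykit-1`, `polkitd`, `pkexec`), the RPM package name `polkit` and the fallback path `/usr/bin/pkexec` are assumptions about typical installs.

```shell
#!/bin/sh
# Added example: audit the pkexec binary the article describes.

# Classify a file as: absent, not-setuid, setuid-root or setuid-other.
pkexec_state() {
    f=$1
    [ -e "$f" ] || { echo absent; return 0; }
    [ -u "$f" ] || { echo not-setuid; return 0; }
    # Third field of `ls -ln` is the numeric owner uid (-L follows symlinks).
    owner=$(ls -lnLd "$f" | awk '{print $3}')
    if [ "$owner" = 0 ]; then echo setuid-root; else echo setuid-other; fi
}

# Print the installed polkit package version(s), if a known package
# manager is available. Package names are assumptions, see lead-in.
polkit_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Package} ${Version}\n' \
            policykit-1 polkitd pkexec 2>/dev/null || true
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q polkit 2>/dev/null || true
    fi
    return 0
}

# Summarise what is on this host.
audit_pkexec() {
    path=$(command -v pkexec 2>/dev/null || echo /usr/bin/pkexec)
    echo "pkexec path:  $path"
    echo "pkexec state: $(pkexec_state "$path")"
    echo "polkit package(s):"
    polkit_version | sed 's/^/  /'
}

audit_pkexec
```

A state of `setuid-root` means the binary the article describes is present, so the package version shown is the one to check against the fixed version your distribution lists.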