What Is the PwnKit Vulnerability Affecting Linux Distributions?
PwnKit, a new vulnerability discovered on Linux systems, grants full superuser privileges to local users. Here’s everything you need to know.
Linux systems are known for being solid when it comes to security. Since most Linux programs come from trusted sources and are usually reviewed by the community, it’s pretty unusual to encounter very high-impact bugs. However, this doesn’t mean Linux is free from such problems altogether. The recent discovery of the PwnKit system service bug is one such example.
The PwnKit vulnerability is a serious bug that gives root privileges to any local user. This bug is especially dangerous because it affects almost all major Linux distributions.
How Does the PwnKit Vulnerability Work?
This bug has its roots in the Polkit system service, a popular way of providing communication channels between privileged and non-privileged processes. Many popular Linux distros, including Ubuntu, Debian, and Red Hat Enterprise Linux, use Polkit by default. So this bug has an extensive attack surface.
Notably, the pkexec component of Polkit is responsible for the vulnerability. It allows any unprivileged or local user to run Linux commands as root. A proof of concept program, which gives full root access to anyone, has also been made available.
We don’t recommend users download the vulnerable code themselves.
To exploit a system using PwnKit, an attacker needs to download the source code onto the victim’s system, compile it, and then run the program. The vulnerability itself is a simple memory overflow. But the fact that it’s readily exploitable and independent of architecture makes it attractive to attackers.
Protect Linux Systems Against PwnKit
Patches have already been made available for protecting against the PwnKit vulnerability. All you need to do is update your Linux distribution of choice, and you should be fine.
However, if you want to neutralize the PwnKit exploit manually, you can remove the setuid bit from the pkexec executable. In any case, updating the Polkit system should be enough for now.
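The manual mitigation described above, as an added shell example that is not part of the original article: it reports whether pkexec still carries the setuid bit and clears it on request. The path /usr/bin/pkexec and the function names are assumptions; confirm the location on your system with command -v pkexec.

```shell
#!/bin/sh
# Added example: audit and clear the setuid bit on pkexec.
# PKEXEC_PATH is an assumed default; override it if your distro differs.
PKEXEC_PATH="${PKEXEC_PATH:-/usr/bin/pkexec}"

# Print one of: missing | setuid | mitigated
pkexec_status() {
    target="${1:-$PKEXEC_PATH}"
    if [ ! -e "$target" ]; then
        echo "missing"
    elif [ -u "$target" ]; then
        echo "setuid"
    else
        echo "mitigated"
    fi
}

# Remove the setuid bit, then re-check so a failed chmod is not
# silently reported as success.
mitigate_pkexec() {
    target="${1:-$PKEXEC_PATH}"
    case "$(pkexec_status "$target")" in
        missing)   echo "$target not found; nothing to do"; return 0 ;;
        mitigated) echo "$target already has no setuid bit"; return 0 ;;
    esac
    chmod u-s "$target" 2>/dev/null || true
    if [ "$(pkexec_status "$target")" = "setuid" ]; then
        echo "could not clear setuid on $target (run as root?)" >&2
        return 1
    fi
    echo "setuid bit removed from $target"
}

# Read-only report when the script is run directly.
echo "pkexec at $PKEXEC_PATH: $(pkexec_status)"
```

Source the file and call mitigate_pkexec as root to apply the change. Clearing the bit also stops pkexec from working for legitimate callers, which is why updating Polkit remains the primary fix.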
Regular app updates are important for any Linux system. Here’s how you can update one app or all apps on Linux easily.