Cybersecurity researchers from Qualys have found an “extremely severe” vulnerability in Linux, which affects every major distro for the operating system (OS).
The vulnerability, “hiding in plain sight” for more than 12 years, is a memory corruption in polkit’s pkexec.
As explained by the researchers, it’s an SUID-root program, installed by default. Malicious actors could exploit the bug to gain full root privileges on the target machine, and then do as they please – even install malware or ransomware.
The vulnerability has existed for almost a decade, according to a blog post by Bharat Jogi, Director, Vulnerability and Threat Research, Qualys.
Jogi explains Polkit as a component that controls system-wide privileges in Unix-like operating systems, and as such, provides an organized way for non-privileged processes to communicate with privileged ones.
“If our PATH is “PATH=name=.”, and if the directory “name=.” exists and contains an executable file named “value”, then a pointer to the string “name=./value” is written out-of-bounds to envp,” the blog noted.
Polkit can also be used to execute commands with elevated privileges, by using the command pkexec, followed by whatever command needs to be executed (with root permission).
Easily exploitable bug
The researchers are saying the flaw is easily exploitable, and has been tested as working on Ubuntu, Debian, Fedora, and CentOS. Other Linux distros are “likely vulnerable and probably exploitable”, the report states.
To mitigate the problem, Qualys suggests users patch up their systems immediately, by searching the vulnerability knowledgebase for CVE-2021-4034, to identify all the QIDs, and vulnerable assets. Patches are already out for both Ubuntu and Red Hat.
For those whose systems cannot be immediately patched, ZDNet’s Steven Vaughan-Nichols suggests removing the SUID-bit from pkexec as temporary mitigation.
According to Vaughan-Nichols, this root-powered shell command will stop attacks:
# chmod 0755 /usr/bin/pkexec
Linux is no stranger to decades-old vulnerabilities. A year ago, Qualys discovered a privilege escalation vulnerability in one of the core utilities present in all Unix-like operating systems including Linux. If exploited, the heap overflow vulnerability in the Sudo utility could allow any unprivileged user to gain root privileges.