Recently, a vulnerability was found in pkexec (identified as CVE-2021-4034, "PwnKit") that allows an authenticated user to perform a privilege escalation attack. It affects default installations of all major Linux distributions.

All customers using Linux distributions are advised to immediately patch their systems against this vulnerability.

We recommend reviewing the following resources or the applicable documentation for your specific Linux distribution:

https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034

https://access.redhat.com/security/vulnerabilities/RHSB-2022-001

https://ubuntu.com/security/CVE-2021-4034

 

Additional reading:

https://www.bleepingcomputer.com/news/security/linux-system-service-bug-gives-root-on-all-major-distros-exploit-released/



Wednesday, January 26, 2022
