12-Year-Old PolicyKit Local Privilege Escalation Flaw Now Patched in Major Linux Distros
Security researchers from Qualys have disclosed a flaw in Polkit (formerly PolicyKit), the component that controls system-wide privileges and is present in all GNU/Linux distributions.
According to the researchers, the vulnerability (CVE-2021-4034) was discovered in PolicyKit’s pkexec tool, which incorrectly handled command-line arguments. This could lead to local privilege escalation, allowing any regular user in a GNU/Linux distribution to gain administrative privileges and run programs as an administrator (root).
The good news is that most major GNU/Linux distributions have already received patched versions of the Polkit package. At the time of writing, Debian has published patches for Debian GNU/Linux 10 “Buster” and Debian GNU/Linux 11 “Bullseye” systems, and Canonical has published patches for all of its supported Ubuntu releases.