A major Linux vulnerability has been discovered: PwnKit

After one Linux problem, the bug in fs/fs_context.c in the Linux kernel, was found and fixed, a new security problem has been discovered.

This time, the security company Qualys discovered a memory corruption vulnerability in Polkit’s pkexec program, identified as CVE-2021-4034.

Polkit, formerly known as PolicyKit, is a SUID-root systemd program. It is installed by default in all major Linux distributions.

How dangerous is the bug?

It is very dangerous. This vulnerability is easy to exploit. With it, any ordinary user can obtain root privileges on a vulnerable computer in its default configuration. As Qualys wrote in its description of the problem, “this vulnerability is an attacker’s dream come true”.

Why is it so serious?

Let us count the reasons:

  • Pkexec is installed by default on all major Linux distributions.
  • Qualys exploited the bug in Ubuntu, Debian, Fedora, and CentOS in their tests, and they are sure that other distributions are also exploitable.
  • Pkexec has been vulnerable since its creation in May 2009 (commit c8c3d83, “Add a pkexec(1) command”).
  • A local non-privileged user can exploit the vulnerability to gain full root privileges.
  • Although this vulnerability is technically a memory corruption, it is instantly and reliably exploitable, regardless of the architecture.
  • And finally, it is exploitable even if the polkit daemon itself is not running.

Threat to Unix systems

This vulnerability is so dangerous because the program itself is powerful: it is a component intended to control system-wide privileges in Unix-like operating systems.

While Linux is known to be attackable, Solaris and other Unix systems could also be vulnerable. It is known, however, that OpenBSD cannot be attacked by exploits using this vulnerability.

Red Hat rates PwnKit with a CVSS (Common Vulnerability Scoring System) score of 7.8. This score is high.

A vulnerability hidden for more than 12 years

When used correctly, Polkit provides a way for unprivileged processes to communicate with privileged processes. It is also possible to use Polkit to execute commands with elevated privileges, using the pkexec command followed by the command to be executed with root permission.

In other words, pkexec is similar to the sudo command. In fact, the Debian developers have described it as “the sudo of systemd”.

This vulnerability, which has been hiding in plain sight for more than 12 years, is a problem in the way pkexec reads environment variables. The short version, according to Qualys, is the following: “if our PATH is "PATH=name=.", and if the directory "name=." exists and contains an executable file named "value", then a pointer to the string "name=./value" is written out-of-bounds to envp[0]”.

A flaw that is easy to exploit

Although Qualys has not published a demonstration program, the company is certain that exploits will not be long in coming. Frankly, a PwnKit attack is not that hard to create.

That is why you should obtain a patch from your Linux distributor and apply it as quickly as possible. If no patch is available for your operating system, you can remove the SUID bit from pkexec as a temporary mitigation. For example, this shell command, run as root, limits attacks:

    # chmod 0755 /usr/bin/pkexec

If your system has been the target of an attack, you will find traces of it in the logs. In general, the attack leaves a message such as “the value of the SHELL variable was not found in the /etc/shells file” or “the value of the environment variable […] contains suspicious content”.

But a sophisticated attacker could carry out a PwnKit attack without leaving traces in the logs.
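
A defender-side check for the two measures described above, the SUID-bit mitigation and the log traces, as an added example that is not part of the original article. The exact English wording of the two log messages and the log file you pass in are assumptions, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the article. Path below is the one the article names.
PKEXEC="${PKEXEC:-/usr/bin/pkexec}"

# Exit 0 when the file exists and still has the set-user-ID bit, i.e. the
# temporary "chmod 0755" mitigation has not been applied to it.
pkexec_is_suid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# Filter log text on stdin down to pkexec lines carrying one of the two
# rejection messages. The English wording is an assumption based on the
# article's description; "sus[a-z]*ious" tolerates spelling variants.
pwnkit_traces() {
    grep -E 'pkexec(\[[0-9]+\])?:' |
        grep -E -i 'SHELL variable was not found|environment variable .* contains sus[a-z]*ious content'
}

count_traces() {
    pwnkit_traces | wc -l | tr -d ' '
}

# Constructed sample log lines (not real output), so the script runs offline.
sample_log() {
    cat <<'EOF'
Jan 26 10:01:02 host1 sshd[811]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Jan 26 10:02:40 host1 pkexec[1990]: alice: Executing command [USER=root] [TTY=/dev/pts/0] [CWD=/home/alice] [COMMAND=/usr/bin/true]
Jan 26 10:03:17 host1 pkexec[2044]: bob: The value for the SHELL variable was not found the /etc/shells file [USER=root] [TTY=/dev/pts/1] [CWD=/tmp]
Jan 26 10:03:18 host1 pkexec[2051]: bob: The value for environment variable XAUTHORITY contains suscipious content [USER=root] [TTY=/dev/pts/1] [CWD=/tmp]
Jan 26 10:04:00 host1 logger[2100]: note: SHELL variable was not found (written by another program)
EOF
}

report() {
    if pkexec_is_suid "$PKEXEC"; then
        echo "$PKEXEC: SUID bit set; confirm the polkit package is patched"
    else
        echo "$PKEXEC: no SUID bit (mitigated, or pkexec not installed)"
    fi
    echo "pkexec rejection messages in log: $(count_traces)"
}

# With a log file argument, scan it; otherwise scan the constructed sample.
if [ -n "${1:-}" ]; then report < "$1"; else sample_log | report; fi
```

Pass the authentication log of your distribution as the first argument to scan real data. A count of zero does not rule out an attack, since the traces can be avoided.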

Source: .com
