Gentoo Forums
PwnKit, a new PolKit vulnerability
mike155 (Advocate)
Joined: 17 Sep 2010 | Posts: 4438 | Location: Frankfurt, Germany
Posted: Wed Jan 26, 2022 12:09 am    Post subject: PwnKit, a new PolKit vulnerability

LWN has an article about a new Polkit vulnerability:
Quote:
Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host. Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu, Debian, Fedora, and CentOS. Other Linux distributions are likely vulnerable and probably exploitable. This vulnerability has been hiding in plain sight for 12+ years and affects all versions of pkexec since its first version in May 2009.

Original article from Qualys: PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
eccerr0r (Watchman)
Joined: 01 Jul 2004 | Posts: 9601 | Location: almost Mile High in the USA
Posted: Wed Jan 26, 2022 1:24 am

Thank you. Appears <=sys-auth/polkit-0.120-r1 are affected

Issue is: Critical
Exploit is: Local
Ridiculousness of bug: very
Workaround: chmod -s /usr/bin/pkexec
Emergency fix: apply https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.patch to sys-auth/polkit-0.120-r1
Fix: pending. https://bugs.gentoo.org/832057

Note: edited, appears that the fix is fine for older polkit, just need to wait for stabilization
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
figueroa (Advocate)
Joined: 14 Aug 2005 | Posts: 2894 | Location: Edge of marsh USA
Posted: Wed Jan 26, 2022 4:54 am

How strange that I learn about this HERE and NOW, and not even posted under security. I guess it's OK. I've never been able to get pkexec to work to authenticate anything.
_________________
Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/17.1/desktop (stable), OpenRC, -systemd -pulseaudio -uefi
eccerr0r (Watchman)
Joined: 01 Jul 2004 | Posts: 9601 | Location: almost Mile High in the USA
Posted: Wed Jan 26, 2022 6:44 am

Normally we don't get the GLSA until after it's been patched which is usually well after discovery and release to more mainstream distributions (...)
Oh well, not sure what the best way is if we aren't privileged to the bug report...

Please do apply the patch or remove suid from pkexec, don't need any more commandeered machines out there.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
fedeliallalinea (Administrator)
Joined: 08 Mar 2003 | Posts: 30822 | Location: here
Posted: Wed Jan 26, 2022 7:10 am

eccerr0r wrote:
Please do apply the patch or remove suid from pkexec, don't need any more commandeered machines out there.

New sys-auth/polkit-0.120-r2 version is out, so just sync and update.
_________________
Questions are guaranteed in life; Answers aren't.
Ionen (Developer)
Joined: 06 Dec 2018 | Posts: 2696
Posted: Wed Jan 26, 2022 8:21 am

The return of GLSAs is still being worked on (not that I've kept up much, afaik it's technical issues with the tooling to publish them -- security-fixing-wise everything is still happening as normal in a timely fashion).

So yes, >=120-r2 and 117-r3 are fixed (117 is the old pre-rust-spidermonkey one, albeit won't be needed for much longer given upstream merged the duktape PR today).

Just emerge --sync, update polkit, confirm the version and you're done; 120-r2 is already marked stable.
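As an added example (not code from the thread, from Gentoo or from polkit), the checks eccerr0r and Ionen describe above, written as a POSIX sh script: it reads the installed sys-auth/polkit version from the package database, treats >=0.120-r2 and 0.117-r3 as fixed, and otherwise reports whether the chmod -s workaround has already removed the setuid bit from pkexec. The package-database root and the pkexec path are parameters (defaults /var/db/pkg and /usr/bin/pkexec) so the functions can also be exercised against constructed directories.

```shell
#!/bin/sh
# Added example (not from the thread): is this Gentoo host fixed, mitigated or
# exposed? Fixed = versions Ionen named (>=0.120-r2 or 0.117-r3); otherwise the
# setuid bit on pkexec (eccerr0r's chmod -s workaround) decides.

is_setuid() { [ -u "$1" ]; }     # 0 if the setuid bit is set on the file

# First installed sys-auth/polkit version in the package database.
# The db root is a parameter (default /var/db/pkg) so it can be tested offline.
installed_polkit_version() {
    for d in "${1:-/var/db/pkg}"/sys-auth/polkit-[0-9]*; do
        [ -d "$d" ] || continue
        echo "${d##*/polkit-}"; return 0
    done
    return 1
}

# 0 if a Gentoo version string such as 0.120-r1 is one of the fixed versions.
polkit_is_fixed() {
    ver="$1"
    case "$ver" in *-r*) rev="${ver##*-r}" ;; *) rev=0 ;; esac   # no -rN = r0
    base="${ver%%-r*}"
    major="${base%%.*}"
    minor="${base#*.}"; minor="${minor%%.*}"
    if [ "$major" -gt 0 ] || [ "$minor" -gt 120 ]; then return 0; fi
    case "$minor" in
        120) [ "$rev" -ge 2 ] ;;
        117) [ "$rev" -ge 3 ] ;;
        *)   return 1 ;;        # older branches are not in the fixed set
    esac
}

# Prints a verdict; returns 0 = fixed/not installed, 1 = mitigated, 2 = exposed.
check_host() {
    pkexec="${1:-/usr/bin/pkexec}"
    ver=$(installed_polkit_version "$2") || { echo "polkit not installed"; return 0; }
    if polkit_is_fixed "$ver"; then
        echo "OK: sys-auth/polkit-$ver is fixed"; return 0
    fi
    if is_setuid "$pkexec"; then
        echo "VULNERABLE: polkit-$ver and $pkexec is setuid; chmod -s $pkexec, then update"
        return 2
    fi
    echo "MITIGATED: polkit-$ver is vulnerable but $pkexec is not setuid; update anyway"
    return 1
}
```

Append `check_host "$@"` (or source the file and call it) to run the check; exit status 2 means a vulnerable polkit with pkexec still setuid.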
pietinger (Moderator)
Joined: 17 Oct 2006 | Posts: 3939 | Location: Bavaria
Posted: Wed Jan 26, 2022 9:21 am

figueroa wrote:
How strange that I learn about this HERE and NOW, and not even posted under security. [...]

I think you are right. Moved to Security.
mike155 (Advocate)
Joined: 17 Sep 2010 | Posts: 4438 | Location: Frankfurt, Germany
Posted: Wed Jan 26, 2022 8:32 pm

Follow-up on LKML: https://lkml.org/lkml/2022/1/26/913
eccerr0r (Watchman)
Joined: 01 Jul 2004 | Posts: 9601 | Location: almost Mile High in the USA
Posted: Wed Jan 26, 2022 10:48 pm

I always found this "feature" annoying, alas it wasn't specified by POSIX so it's not wrong... Figures that OpenBSD declares it wrong.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
sam_ (Developer)
Joined: 14 Aug 2020 | Posts: 1646
Posted: Thu Jan 27, 2022 6:33 am

Ionen wrote:
The return of GLSAs is still being worked on (not that I've kept up much, afaik it's technical issues with the tooling to publish them -- security-fixing-wise everything is still happening as normal in a timely fashion).

So yes, >=120-r2 and 117-r3 are fixed (117 is the old pre-rust-spidermonkey one, albeit won't be needed for much longer given upstream merged the duktape PR today).

just emerge --sync, update polkit, confirm version and you're done, 120-r2 is already marked stable.


We're getting there!

Polkit GLSA published: GLSA 202201-01