mike155 Advocate
Joined: 17 Sep 2010 Posts: 4438 Location: Frankfurt, Germany
Posted: Wed Jan 26, 2022 12:09 am Post subject: PwnKit, a new PolKit vulnerability
LWN has an article about a new Polkit vulnerability:
Quote: | Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host. Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu, Debian, Fedora, and CentOS. Other Linux distributions are likely vulnerable and probably exploitable. This vulnerability has been hiding in plain sight for 12+ years and affects all versions of pkexec since its first version in May 2009. |
Original article from Qualys: PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9601 Location: almost Mile High in the USA
figueroa Advocate
Joined: 14 Aug 2005 Posts: 2894 Location: Edge of marsh USA
Posted: Wed Jan 26, 2022 4:54 am
How strange that I learn about this HERE and NOW, and not even posted under security. I guess it's OK. I've never been able to get pkexec to work to authenticate anything.
_________________
Andy Figueroa
hp pavilion hpe h8-1260t/2AB5; spinning rust x3
i7-2600 @ 3.40GHz; 16 gb; Radeon HD 7570
amd64/17.1/desktop (stable), OpenRC, -systemd -pulseaudio -uefi
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9601 Location: almost Mile High in the USA
Posted: Wed Jan 26, 2022 6:44 am
Normally we don't get the GLSA until after it's been patched which is usually well after discovery and release to more mainstream distributions (...)
Oh well, not sure what the best way is if we aren't privileged to the bug report...
Please do apply the patch or remove suid from pkexec, don't need any more commandeered machines out there.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
fedeliallalinea Administrator
Joined: 08 Mar 2003 Posts: 30822 Location: here
Posted: Wed Jan 26, 2022 7:10 am
eccerr0r wrote: | Please do apply the patch or remove suid from pkexec, don't need any more commandeered machines out there. |
New sys-auth/polkit-0.120-r2 version is out, so only sync and update
_________________
Questions are guaranteed in life; Answers aren't.
Ionen Developer
Joined: 06 Dec 2018 Posts: 2696
Posted: Wed Jan 26, 2022 8:21 am
The return of GLSAs is still being worked on (not that I've kept up much, afaik it's technical issues with the tooling to publish them -- security-fixing-wise everything is still happening as normal in a timely fashion).
So yes, >=120-r2 and 117-r3 are fixed (117 is the old pre-rust-spidermonkey one, albeit won't be needed for much longer given upstream merged the duktape PR today).
just emerge --sync, update polkit, confirm version and you're done, 120-r2 is already marked stable.
pietinger Moderator
Joined: 17 Oct 2006 Posts: 3939 Location: Bavaria
Posted: Wed Jan 26, 2022 9:21 am
figueroa wrote: | How strange that I learn about this HERE and NOW, and not even posted under security. [...] |
I think you are right. Moved to Security.
mike155 Advocate
Joined: 17 Sep 2010 Posts: 4438 Location: Frankfurt, Germany
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9601 Location: almost Mile High in the USA
Posted: Wed Jan 26, 2022 10:48 pm
I always found this "feature" annoying, alas it wasn't specified by POSIX so it's not wrong... Figures that OpenBSD declares it wrong.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
sam_ Developer
Joined: 14 Aug 2020 Posts: 1646
Posted: Thu Jan 27, 2022 6:33 am
Ionen wrote: | The return of GLSAs is still being worked on (not that I've kept up much, afaik it's technical issues with the tooling to publish them -- security-fixing-wise everything is still happening as normal in a timely fashion).
So yes, >=120-r2 and 117-r3 are fixed (117 is the old pre-rust-spidermonkey one, albeit won't be needed for much longer given upstream merged the duktape PR today).
just emerge --sync, update polkit, confirm version and you're done, 120-r2 is already marked stable. |
We're getting there!
Polkit GLSA published: GLSA 202201-01
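
The "confirm version" step and the setuid workaround mentioned in this thread can be scripted; the following POSIX sh check is an added example, not code from any poster or from Gentoo. The function names, the `/usr/bin/pkexec` path and reading the installed version from `/var/db/pkg` are assumptions of this example; the fixed versions (>=0.120-r2 and 0.117-r3) are the ones named in the thread.

```shell
#!/bin/sh
# Added example, not from the thread's posters. Fixed versions are the ones
# named in the thread: sys-auth/polkit >=0.120-r2, and 0.117-r3.

# polkit_fixed VERSION: 0 = fixed, 1 = not fixed, 2 = version not understood.
# Accepts "0.120-r2" as well as the short form "120-r2" used in the thread.
polkit_fixed() {
    pf_ver=${1%%-r*}                  # "0.120-r2" -> "0.120"
    pf_rev=0                          # no "-rN" suffix means revision 0
    case $1 in *-r*) pf_rev=${1##*-r} ;; esac
    pf_minor=${pf_ver#0.}             # "0.120" -> "120"
    case $pf_minor in ''|*[!0-9]*) return 2 ;; esac
    case $pf_rev in ''|*[!0-9]*) return 2 ;; esac
    if [ "$pf_minor" -gt 120 ]; then return 0
    elif [ "$pf_minor" -eq 120 ]; then [ "$pf_rev" -ge 2 ]
    # Assumption: revisions of 117 after r3 keep the fix.
    elif [ "$pf_minor" -eq 117 ]; then [ "$pf_rev" -ge 3 ]
    else return 1
    fi
}

# pkexec_status VERSION PATH: print "fixed", "exposed" or "mitigated".
# A version that is not understood is treated as not fixed.
pkexec_status() {
    if polkit_fixed "$1"; then echo fixed
    elif [ -u "$2" ]; then echo exposed      # unfixed and pkexec is setuid
    else echo mitigated                      # unfixed, no setuid bit at PATH
    fi
}

# On a Gentoo host the installed version is the directory name in Portage's
# package database; /usr/bin/pkexec is the assumed install path.
for d in /var/db/pkg/sys-auth/polkit-[0-9]*; do
    [ -d "$d" ] || continue           # glob did not match: polkit not installed
    v=${d##*/polkit-}
    echo "polkit $v: $(pkexec_status "$v" /usr/bin/pkexec)"
done
```

A result of `exposed` means the host still needs one of the two actions given in the thread: update polkit, or remove the setuid bit from pkexec.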