Polkit Flaw Allows Unprivileged to Obtain Root Access in Linux
- By David Lukic
- Published: Jan 26, 2022
- Last Updated: Mar 18, 2022
A security vulnerability in Linux operating systems went unaddressed for more than a decade and is now causing significant problems. Linux operating systems have a vulnerability in the Polkit system utility that allows unauthorized individuals to gain root access to the system.
What are the Technical Details of the Flaw?
The Polkit system utility flaw allows digital miscreants to obtain root privileges on computers running Linux. A proof-of-concept exploit for the vulnerability has surfaced on the web. The digital security specialists at Qualys refer to the exploit as PwnKit. PwnKit stems from an out-of-bounds write that enables the reintroduction of environment variables into pkexec's environment, creating significant insecurities.
The vulnerability affects a Polkit component referred to as pkexec. Pkexec is a program installed by default on all Linux distributions, including CentOS, Fedora, Debian, and Ubuntu. Polkit, previously known as PolicyKit, serves as a toolkit to control privileges across the entirety of the operating system, providing an avenue for non-privileged processes to interact with privileged ones.
It is interesting to note that this is the second flaw identified in Polkit in the past two years. In the summer of 2021, GitHub identified a 7-year-old privilege escalation vulnerability that has the potential to be abused to escalate permissions to the root user.
It is also interesting to note that the news about the Polkit flaw was released soon after news of CVE-2022-0185, a security weakness in the Linux kernel. That weakness can be exploited by a digital miscreant who accesses the system as an unprivileged user, with the end goal of escalating rights to obtain system control.
Why is the Vulnerability Such a Problem?
According to Bharat Jogi, a digital security expert with Qualys, the Polkit flaw is an issue because it lets unprivileged users obtain full privileges on vulnerable hosts by exploiting pkexec in its default configuration. Jogi states the exploit has been hiding for more than a decade, impacting every version of pkexec since its inception in the spring of 2009. However, the flaw wasn’t formally reported to Linux vendors until mid-November of 2021.
The Polkit vulnerability centers on a memory corruption case. The flaw has since been assigned the identifier CVE-2021-4034. Though the vulnerability cannot be remotely exploited, a digital criminal who has established a presence on a target system through another pathway can use the flaw to control the computer through root privileges.
This digital security issue is even more threatening when you factor in the emergence of what cyber security specialists refer to as “PoCs in the wild.” Cyber security specialists describe PoCs in the wild as universal, meaning it is essential that the appropriate digital security patches are implemented as soon as possible.
What is the Best Line of Defense?
Both Ubuntu and Red Hat issued patches in response to the Polkit flaw to help prevent account takeovers. The hope is that these patches will prevent nefarious parties from using pkexec to execute commands while posing as an authorized user. Everyone who runs a Linux operating system should be aware that if a username is not specified, pkexec runs the command as the administrative super user, so there is the potential for unauthorized commands to be executed by digital criminals as though they stem from that account.
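To confirm on a given host that the vendor patches described above are in place, the following added example (not part of the original article) reports whether pkexec is installed as a setuid-root program and which polkit package version is present, so the version can be compared against the vendor advisory for CVE-2021-4034. The function names and the package names `policykit-1` (Debian/Ubuntu) and `polkit` (Red Hat family) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit pkexec exposure on a Linux host (read-only checks).
# Function names and the package names queried below are assumptions.

# Classify one path: missing | not-setuid | setuid-root | setuid-other
pkexec_mode() {
    path=$1
    [ -f "$path" ] || { echo missing; return 0; }
    [ -u "$path" ] || { echo not-setuid; return 0; }
    # GNU stat (Linux): numeric uid of the file owner
    owner=$(stat -c %u "$path" 2>/dev/null) || owner=unknown
    if [ "$owner" = 0 ]; then echo setuid-root; else echo setuid-other; fi
}

# Print the installed polkit package version, or "unknown" if it cannot
# be determined (package absent, or neither dpkg nor rpm is available).
polkit_version() {
    v=
    if command -v dpkg-query >/dev/null 2>&1; then
        v=$(dpkg-query -W -f='${Version}' policykit-1 2>/dev/null) || v=
    elif command -v rpm >/dev/null 2>&1; then
        v=$(rpm -q --qf '%{VERSION}-%{RELEASE}' polkit 2>/dev/null) || v=
    fi
    echo "${v:-unknown}"
}

# Check the pkexec found on PATH plus the usual install location.
audit_pkexec() {
    seen=
    for p in "$(command -v pkexec 2>/dev/null)" /usr/bin/pkexec; do
        [ -n "$p" ] || continue
        case " $seen " in *" $p "*) continue ;; esac
        seen="$seen $p"
        mode=$(pkexec_mode "$p")
        [ "$mode" = missing ] || echo "$p: $mode"
    done
    echo "polkit package version: $(polkit_version)"
}

audit_pkexec
```

A `setuid-root` result together with a package version older than the one named in the distribution's advisory means the host still needs the update.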