Seven Year Old Privilege Escalation Vulnerability Found In Some Linux Distros, Patch Now
A seven-year-old local privilege escalation bug has reared its head and finally got a fix. Before the patch, exploiting the vulnerability in the polkit authentication service could have allowed attackers to get a root shell on several actively used Linux distros.
On Linux, polkit is effectively a bouncer of sorts that decides whether a user is allowed to do something that requires higher privileges. Discovered by security researcher Kevin Backhouse, the polkit bug that lets users bypass this check was introduced in a commit that shipped with service version 0.113 over seven years ago.
Exploiting it takes only a few terminal commands, which create a user that is a member of the sudo group. Because it is easy to exploit and the “highest threat from this vulnerability is to data confidentiality and integrity as well as system availability,” Red Hat has rated the CVE at 7.8 on the 10-point scale. You can see what exploiting this would look like in the proof-of-concept video above, created by Kevin Backhouse on GitHub’s YouTube channel.
Thankfully, many of the most popular Linux distributions did not begin to ship with the vulnerability until more recently. The list of vulnerable Linux flavors includes RHEL 8, Fedora 21 or later, and Ubuntu 20.04. As such, you must update your Linux version as soon as possible to mitigate this now-pressing security flaw.
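
A triage check for the distribution list above, as an added example that is not part of the original article: it reads an os-release file as text and reports whether the release is one the article names. The function names are hypothetical, and the list is only what the article states, so a "not-listed" result does not prove a host is unaffected.

```shell
#!/bin/sh
# Added example: compare a host's os-release(5) data with the distributions
# the article names. The file is parsed as text, never sourced.

# os_field FILE KEY: print the value of KEY with surrounding quotes removed.
os_field() {
    sed -n "s/^$2=//p" "$1" | head -n 1 | tr -d "\"'"
}

# listed_release FILE: print "listed" if the release is one the article
# names (RHEL 8, Fedora 21 or later, Ubuntu 20.04), else "not-listed".
listed_release() {
    id=$(os_field "$1" ID)
    ver=$(os_field "$1" VERSION_ID)
    major=${ver%%.*}
    # Treat a missing or non-numeric major version as 0 so -ge never errors.
    case "$major" in
        ''|*[!0-9]*) major=0 ;;
    esac
    result=not-listed
    if [ "$id" = rhel ] && [ "$major" -eq 8 ]; then
        result=listed
    elif [ "$id" = fedora ] && [ "$major" -ge 21 ]; then
        result=listed
    elif [ "$id" = ubuntu ] && [ "$ver" = 20.04 ]; then
        result=listed
    fi
    echo "$result"
}

# Check the local host when the standard file is present.
if [ -r /etc/os-release ]; then
    echo "this host: $(listed_release /etc/os-release)"
fi
```

A host reported as listed still needs its polkit package updated through the distribution's normal update channel.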