Patch now: A newly discovered critical Linux vulnerability probably affects your systems – TechRepublic

Dubbed PwnKit, it’s been sitting in a user policy module used in Linux distros for over a decade and can be used by anyone to gain root privileges. Here’s what you can do to protect your systems.
Heads up, Linux users: A newly discovered vulnerability in pretty much every major distro allows any unprivileged user to gain root access to their target, and it’s been hiding in plain sight for 12 years.
Discovered by security researchers at Qualys, the vulnerability they’ve dubbed “PwnKit” exploits pkexec, a command that allows users to execute commands as other users. pkexec is part of the PolKit privilege control module, which is installed on (for all practical purposes) every single distro, both vendor-specific and open source.
Make no mistake: This is a serious vulnerability. The actual execution isn’t very complicated, and Linux users with a good understanding of environment variables, user permissions and launching applications with arguments could feasibly craft an exploit that takes advantage of the PwnKit vulnerability. The research team responsible for its discovery was able to develop an exploit and gain root access on default installations of Ubuntu, Debian, Fedora and CentOS.
“Other Linux distributions are likely vulnerable and probably exploitable. This vulnerability has been hiding in plain sight for 12+ years and affects all versions of pkexec since its first version in May 2009,” Qualys director of vulnerability and threat research Bharat Jogi said in a post describing the discovery.
The vulnerability comes down to using an out-of-bounds write to trick pkexec into looking for a maliciously crafted PATH environment variable. It’s probably best to let Qualys explain it: “If our PATH is “PATH=name=.”, and if the directory “name=.” exists and contains an executable file named “value”, then a pointer to the string “name=./value” is written out-of-bounds to envp[0].”
This out-of-bounds write reintroduces an insecure variable into pkexec’s environment, allowing the attacker to elevate their own privileges and run applications as root. Pkexec is used legitimately to run Linux applications as another user, which is an incredibly common thing to do, especially for Linux administrators and users who need to run a particular program without having an administrator account.
So, in essence, anybody smart enough to craft a malicious PATH variable could use PwnKit to gain root privileges.
No one likes thinking about taking even a single production-essential machine offline, but in this case it’s a good idea to nip this potentially severe exploit in the bud and deal with taking important Linux machines offline for a bit.
Qualys says that patches have been released for all major Linux distros, and as pretty much all major distros are affected, it’s essential to patch now. In some instances of OEM-distributed Linux systems the vulnerability may still be present, or it may be more complicated to patch the affected machine, so contact your vendors to ensure you’re getting necessary patches.
It’s also worth noting what ZDNet’s Steven Vaughan-Nichols said in a story about PwnKit: You can actually chmod yourself out of trouble if you can’t find or install patches immediately using the following root-powered shell command:
# chmod 0755 /usr/bin/pkexec
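This command, for those unfamiliar with chmod numbering, makes it so that no one except for the owner (in this case, root) can write data to pkexec. Because the mode is given as 0755, it also clears the setuid bit, so pkexec no longer runs with root privileges when an ordinary user launches it, which is what takes away the escalation path. pkexec stops working for legitimate use while the bit is cleared, so this should only be considered a stop-gap until an actual patch can be installed.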
DevOps software company JFrog has released a tool that Linux users can use to determine whether their systems are vulnerable to PwnKit, which can be downloaded from GitHub. While it’s safe to assume that your Linux systems are vulnerable, it’s always nice to have confirmation.
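A read-only check to go with the chmod stop-gap above, added here as an example (it is not JFrog's tool and not code from the original article): it reports whether pkexec still carries the setuid bit and prints the installed polkit package version for comparison against your distro's advisory. The function names and the package names `policykit-1` and `polkit` are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit pkexec for the setuid bit that the chmod 0755
# stop-gap removes. Read-only; it changes nothing on the system.

# Print one of: missing | setuid | no-setuid for the given file.
pkexec_suid_state() {
    f=$1
    if [ ! -e "$f" ]; then
        echo missing
    elif [ -u "$f" ]; then          # -u: set-user-ID bit is present
        echo setuid
    else
        echo no-setuid
    fi
}

# Print the installed polkit package version when a known package
# manager is available. Package names are assumptions and differ
# between distro releases.
polkit_pkg_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Package} ${Version}\n' policykit-1 2>/dev/null || true
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q polkit 2>/dev/null || true
    fi
    return 0
}

# Summarise the state of one pkexec binary (default: /usr/bin/pkexec).
audit_pkexec() {
    target=${1:-/usr/bin/pkexec}
    case $(pkexec_suid_state "$target") in
        missing)   echo "$target: not installed" ;;
        setuid)    echo "$target: setuid bit set; safe only if the polkit package is patched" ;;
        no-setuid) echo "$target: setuid bit cleared; stop-gap in place, pkexec will not run" ;;
    esac
    ls -l "$target" 2>/dev/null || true
    polkit_pkg_version
}

audit_pkexec "$@"
```

Run it before and after applying the stop-gap, and again after patching, when the setuid bit should be back and the package version should match the fixed release named in your distro's advisory.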