Security Leftovers

  • CVE-2021-4034 – Ariadne's Space

    Before we get into this, I have seen a lot of people on Twitter blaming systemd for this vulnerability. It should be clarified that systemd has basically nothing to do with polkit, and has nothing at all to do with this vulnerability; systemd and polkit are separate projects largely maintained by different people.

    We should try to be empathetic toward software maintainers, including those from systemd and polkit, so writing inflammatory posts blaming systemd or its maintainers for polkit does not really help to fix the problems that made this a useful security vulnerability.

  • Windows ransomware LockBit makes the jump to Linux [Ed: Pro-Windows site. Misses the point that over 90% of ransomware is a Windows problem.]

    First, they came for Windows. Then, for Tux. As cool as Linux is, it's increasingly becoming a target for ransomware-friendly cyber criminals intent on ruining people's days.

  • These critical security bugs put Linux servers at risk of attack [Ed: Attack from the inside maybe; you need to actually have an account on such machines to begin with... compare to Windows with remotely-exploitable full compromise bugs/back doors]
  • Patch Now: A newly discovered critical Linux vulnerability probably affects your systems
  • IoT security certification group gains steam [Ed: Another fake security consortium? Their shoddy products might be best off avoided altogether, as there's rarely a practical need for such gimmicks.]

    The ioXT Alliance, which offers a certification program for IoT security, announced it has certified 195 products and grown to 580 members. Meanwhile, Timesys is seeking participants for a survey on IoT security.

DARKReading

Original

  • PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)

    Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged processes. It is also possible to use polkit to execute commands with elevated privileges using the command pkexec followed by the command intended to be executed (with root permission).

This Week In Security

  • This Week In Security: Geopolitical Hacktivism, Antivirus Mining, And Linux Malware | Hackaday

    So what’s the story with pkexec? NULL argv. OK, Linux programming 101 time. When a program is launched on Linux, it’s passed two parameters, normally named argc and argv. These are an integer, and an array of char pointers respectively. If you’re not a programmer, then think of this as the number of arguments, and the list of arguments. This information is used to parse and handle command line options inside the program. argc is always at least one, and argv[0] will always contain the name of the binary as executed. Except, that isn’t always the case. There’s another way to launch binaries, using the execve() function. That function allows the programmer to specify the list of arguments directly, including argument 0.

    So what happens if that list is just NULL? If a program was written to account for this possibility, like sudo, then all is well. pkexec, however, doesn’t include a check for an empty argv or an argc of 0. It acts as if there is an argument to read, and the way the program initialization happens in memory, it actually accesses the first environment variable instead, and treats it like an argument. It checks the system PATH for a matching binary, and rewrites what it thinks is its argument list, but is actually the environment variable. This means that uncontrolled text can be injected as an environment variable in pkexec, the setuid program.

A couple more on polkit

  • PwnKit: detect privilege escalation with CrowdSec - The open-source & collaborative IPS

    Qualys just published CVE-2021-4034 which is trivial to exploit and impacts a large variety of distributions and versions. In a nutshell, the vulnerability, also called PwnKit, allows for a local escalation of privilege (LPE), due to out-of-band writing, in Polkit’s Pkexec, an alternate solution to the “sudo” privilege management tool. Pkexec is installed by default on most popular Linux distributions. A successful exploit can lead to handing admin/root privileges to unauthorized users.

    While everybody loves a fine LPE, it’s mostly an excuse for us to take a look at another aspect of CrowdSec: pure alerting capabilities along with remediation.

  • What Is the PwnKit Vulnerability Affecting Linux Distributions?

    Linux systems are known for being solid when it comes to security. Since most Linux programs come from trusted sources and are usually reviewed by the community, it's pretty unusual to encounter very high-impact bugs. However, this doesn't mean Linux is free from such problems altogether. The recent discovery of the PwnKit system service bug is one such example.

    The PwnKit vulnerability is a serious bug that gives root privileges to any local user. This bug is especially dangerous because it affects almost all major Linux distributions.

BankInfoSecurity

Qualys

Linux distros haunted by Polkit-geist for 12+ years

  • Linux distros haunted by Polkit-geist for 12+ years: Bug grants root access to any user

    Linux vendors on Tuesday issued patches for a memory corruption vulnerability in a component called polkit that allows an unprivileged logged-in user to gain full root access on a system in its default configuration.

    Security vendor Qualys found the flaw and published details in a coordinated disclosure.

    Polkit, previously known as PolicyKit, is a tool for setting up policies governing how unprivileged processes interact with privileged ones. The vulnerability resides within polkit's pkexec, a SUID-root program that's installed by default on all major Linux distributions. Designated CVE-2021-4034, the vulnerability has been given a CVSS score of 7.8.

    Bharat Jogi, director of vulnerability and threat research at Qualys, explained in a blog post that the pkexec flaw opens the door to root privileges for an attacker. Qualys researchers, he said, have demonstrated exploitation on default installations of Ubuntu, Debian, Fedora, and CentOS, and other Linux distributions are presumed to be vulnerable as well.

  • 12-year-old Linux root privilege flaw has been "hiding in plain sight"

    An 'easily exploitable' root privilege security vulnerability has been discovered in popular default Linux distributions and "has been hiding in plain sight" for more than 12 years, according to security researchers.

Pwnkit is an easy-to-exploit vulnerability affecting all Linux

  • Pwnkit is an easy-to-exploit vulnerability affecting all Linux distros

    Linux has been known for being way more secure than Windows PCs. However, this may be changing soon as the platform is growing in popularity. According to a new report from cybersecurity researchers from Qualys (via TechRadar), there is an “extremely severe” vulnerability in Linux. It’s very easy to exploit bugs and is affecting every major distro for the open-source operating system.

    According to the researchers, this vulnerability has been “hiding in plain sight” for more than 12 years, and it’s memory corruption in polkit’s pkexec. According to the researchers, it’s a SUID-root program, installed by default. The malicious actors can exploit the bug to gain full root privileges on the target machine, and then do as they please. They can use the exploit to install malware or even ransomware.

Linux Vulnerability Discovered Impacting All Major Distros

  • Linux Vulnerability Discovered Impacting All Major Distros

    A major Linux vulnerability, impacting virtually all major distributions (distros), has been discovered, allowing a bad actor to obtain root privileges.

    On Linux, Unix, macOS, and other Unix-style operating systems, the root account has ultimate access to the system. As a result, when a user account is set up, it doesn’t have root access as a way of protecting the system from accidental damage.
