A vulnerability in Polkit’s pkexec component identified as PwnKit is present in the default configuration of all major Linux distributions and can be exploited to gain full root privileges on the system, researchers warn today.

The origin of PwnKit dates back more than 12 years and its main function is to negotiate the interaction between privileged and non-privileged processes, allowing an authorized user to execute commands as another user, doubling as an alternative to the sudo command.

A virus that takes advantage of Linux permissions

Although the total absence of viruses in Linux is a myth, it is a fact that if they exist, they are small in volume. The problem lies in the cases in which administrator permissions are in between, which in simple words are the condition that, when granted, exercises power over the system by accepting or denying orders.

As reported by Qualys, a security firm, this vulnerability has existed for approximately 12 years and can affect popular distributions such as Ubuntu, Debian, Fedora and CentOS. Bharat Jogi, Director of Vulnerabilities and Threat Research at Qualys commented that PwnKit is “a memory corruption vulnerability in Polkit’s, which allows any user without root privileges to gain full root privileges on a vulnerable system using polkit’s default settings”. The researcher added that the issue has been hiding in plain sight since the first version of pkexec inn in May 2009.

Security experts pointed out, after making this situation known, that an exploit should not take long to appear, a software designed to exploit this vulnerability. Just three hours after the publication of this finding, one appeared on the web.

This finding dates back to November of last year. The bug had been around for seven years, since component version 0.113, and affected popular Linux distributions, including RHEL 8, Fedora 21 (or later), Ubuntu 20.04, and unstable versions of Debian (‘bullseye’) and its derivatives. , according to BleepingComputer. The developers of the main distributions were notified in advance and currently, there is already a security patch that several systems are already offering as an update through their software repositories.