New/old threat you need to be aware of.

kc1di

kc1di

Well-Known Member
Joined
May 14, 2021
Messages
2,755
Reaction score
2,806
Credits
20,101
There was another security alert yesterday. See here for details. But this could be a very bad one and I may be looking to find a distro without Systemd after all.
Just be careful and be informed.
www.zdnet.com

Major Linux PolicyKit security vulnerability uncovered: Pwnkit

A serious memory corruption vulnerability in polkit (formerly PolicyKit) has finally been discovered after 12+ years. This program is found in essentially all modern Linux distributions.
www.zdnet.com www.zdnet.com
Click to expand...
 


Update Mint sent out a patch for this yesterday. Not sure if Ubuntu patched it yet. But keep your systems up to date.
 
An attacker can exploit a vulnerability in Polkit’s pkexec component, tracked as CVE-2021-4034, that affects all major Linux distributions to gain full root privileges on the system. The good news is that this issue is not remotely exploitable, but if an attacker can log in as any unprivileged user, it can allow to gain root privileges.

securityaffairs.co

PwnKit: Local Privilege Escalation bug affects major Linux distros

A flaw in Polkit's pkexec component, tracked as CVE-2021-4034 (PwnKit) can be exploited to gain full root privileges on major Linuz distros.
securityaffairs.co securityaffairs.co
 
got my update at 8-04 gmt this morning
 
Updated on Debian Sid.
 
Threads merged.
 
kc1di said:
There was another security alert yesterday. See here for details. But this could be a very bad one and I may be looking to find a distro without Systemd after all.
Just be careful and be informed.
Click to expand...
Just think of vulnerabilities we still dont know about. In the security industry they call these "zero day vulnerabilities".
For as long as humans write code there will always be bugs and vulnerabilities. The threat will always be ongoing, in general linux users are much safer than windows or mac users but the threat to security still remains
 
smooth_buddha said:
in general linux users are much safer than windows or mac users but the threat to security still remains
Click to expand...
LOL a privilege escalation vulnerability doesn't make any os safer than the other, just be thankfull it isn't a remote executable one.
 
Last edited:
smooth_buddha said:
Just think of vulnerabilities we still dont know about.
Click to expand...

Fortunately, most Linux vulnerabilities require a great deal of effort to exploit them. Like, this one requires you access a user account - be it local or remote. If you can remotely access with a regular user account you could use this vulnerability, but these things already require access to the machine.

For the most part, Linux exploits require user action to be dangerous.

As I say with some regularity, "Malware exists for Linux. Just don't install it."
 
You must log in or register to reply here.

Similar threads

Condobloke
Ransomware.....and other topics....
Replies
0
Views
715
Condobloke
Condobloke
Jarret B
Linux Security Check
Replies
1
Views
6K
Trenix25
Trenix25
rado84
[info] How to run games from NTFS partitions without problems
Replies
2
Views
2K
rado84
rado84
Freepoorman
Linux Parrot 101 - A short guide for new users
Replies
1
Views
13K
Eslamlinux
Eslamlinux
Emanate Presence
LINKS FOR LINUX NEWCOMERS
2
Replies
36
Views
5K
Emanate Presence
Emanate Presence


Members online

Total: 400 (members: 2, guests: 398)

Latest posts

Top