
PKEXEC

2022-01-26 by: "Mike (meuon) Harrison"
From: "Mike (meuon) Harrison" 
------------------------------------------------------


Go fix your systems. Most distros have updates.


https://arstechnica.com/information-technology/2022/01/a-bug-lurking-for-12-years-gives-attackers-root-on-every-major-linux-distro/

Dry, but good info:

https://isc.sans.edu/diary/rss/28272


Surprisingly, most of my bare-built Debian 10 and 11 servers don't even have 
it... but 1 did. My Ubuntu... all had it, updated and checked again.


Weird note:  If you do the "chmod 0755 /usr/bin/pkexec" I had one system 
that re-SUID'd after a reboot. That system is being rebuilt from scratch 
today. I didn't find what re-SUID'd it. I need to upgrade/replace it 
anyway.

--Meuon--
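The thread checks two things by hand: whether pkexec is present and still setuid, and what could have put the setuid bit back after the chmod. The script below is an added example, not code from the list or from the polkit project; it assumes a Linux host with GNU stat and either dpkg or rpm, and assumes the file is saved as pkexec_audit.sh (the name the final guard looks for). On Debian/Ubuntu, dpkg-statoverride is the supported way to pin a mode persistently; a plain chmod is undone by any reinstall or upgrade of the owning package, which is one candidate for the re-SUID seen above.

```shell
#!/bin/sh
# Added example (not from the list thread): audit pkexec's setuid bit,
# record which package owns it, and list places that could re-apply the bit.
# Assumes GNU stat and dpkg or rpm; the mode/ownership checks run offline.

# mode_has_setuid MODE: MODE is an octal mode string as printed by `stat -c %a`
# (e.g. 4755 or 755). Returns 0 if the setuid bit (04000) is set.
mode_has_setuid() {
    case "$1" in
        [4567]???) return 0 ;;   # four digits and the leading digit has the 4 bit
        *)         return 1 ;;
    esac
}

# file_is_setuid PATH: the same check against a real file, via POSIX test -u.
file_is_setuid() {
    [ -u "$1" ]
}

# owning_package PATH: print the package that ships PATH, or "unpackaged".
owning_package() {
    pkg=
    if command -v dpkg >/dev/null 2>&1; then
        pkg=$(dpkg -S "$1" 2>/dev/null | head -n1 | cut -d: -f1)
    elif command -v rpm >/dev/null 2>&1; then
        pkg=$(rpm -qf --qf '%{NAME}\n' "$1" 2>/dev/null) || pkg=
    fi
    echo "${pkg:-unpackaged}"
}

# audit_pkexec [PATH]: print one status line. Returns 0 if pkexec is absent or
# not setuid, 1 if it is still setuid (exploitable if the package is unpatched).
audit_pkexec() {
    p="${1:-$(command -v pkexec 2>/dev/null || echo /usr/bin/pkexec)}"
    if [ ! -e "$p" ]; then
        echo "pkexec: not installed"
        return 0
    fi
    mode=$(stat -c %a "$p" 2>/dev/null || echo '?')
    owner=$(owning_package "$p")
    if file_is_setuid "$p"; then
        echo "pkexec: $p mode $mode SETUID (package: $owner)"
        return 1
    fi
    echo "pkexec: $p mode $mode not setuid (package: $owner)"
    return 0
}

# find_suid_restorers: list boot-time and scheduled files that mention pkexec
# (init scripts, cron, systemd units) and show any dpkg-statoverride entry,
# which is the supported way to pin the file's mode on Debian-based systems.
find_suid_restorers() {
    grep -rl pkexec /etc/rc.local /etc/init.d /etc/rc*.d /etc/cron* /etc/systemd 2>/dev/null
    if command -v dpkg-statoverride >/dev/null 2>&1; then
        dpkg-statoverride --list /usr/bin/pkexec 2>/dev/null || echo "no dpkg-statoverride entry for /usr/bin/pkexec"
    fi
}

# Run the audit only when executed as pkexec_audit.sh (assumed file name);
# sourcing the file just defines the functions.
case "$0" in
    *pkexec_audit.sh) audit_pkexec; find_suid_restorers ;;
esac
```

Run it as `sh pkexec_audit.sh` after the chmod and again after a reboot; a non-zero exit means the bit is back, and the grep output plus the statoverride line narrow down what restored it. The mode check does not tell you whether the installed polkit build is patched, so compare the package version against your distro's advisory as well.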
===============================================================
From: Dave Brockman
------------------------------------------------------

Do the systems that don't contain the file in question have sudo
installed? Local Priv Escalation requires local access, and none of my
systems provide local access via shell. If they got that far already,
I'm already hosed :)

-Dave

===============================================================
From: Stephen Kraus
------------------------------------------------------

It's more that it enables anyone who manages to compromise a single
exposed service (nginx, database, etc.) to quickly gain priv esc. No, so
far it's not RCE capable, but it's a quick path to root if someone gains
even the meagerest of privileges.

===============================================================
From: "Mike (meuon) Harrison"
------------------------------------------------------

Local access means just about anything that can be tricked into running
a command or three. The good news is it's not that hard to fix. So far.
For me at least. Don't have anything on the servers that seems to use
it. More used for gui-ish / desktop use programs.

===============================================================
From: Dave Brockman
------------------------------------------------------

None of my servers have it. Curious what installs it.

--dtb