CISA warns of hackers exploiting PwnKit Linux vulnerability

by | Jun 30, 2022 | News


Premium Content

Patreon

Subscribe to Patreon to watch this episode.


 

Reading Time: 2 Minutes

The Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Linux vulnerability known as PwnKit to its list of bugs exploited in the wild.

 

 

 

The security flaw, identified as CVE-2021-4034, was found in the Polkit’s pkexec component used by all major distributions (including Ubuntu, Debian, Fedora, and CentOS).

PwnKit is a memory corruption bug that unprivileged users can exploit to gain full root privileges on Linux systems with default configurations.

Researchers at information security Qualys who discovered it also found that its origin goes back to the initial commit of pkexec, which means it impacts all Polkit versions. It has also been hiding in plain sight for more than 12 years since pkexec’s first release in May 2009.

Reliable proof-of-concept (PoC) exploit code has been shared online less than three hours after Qualys published technical details for PwnKit.

Qualys urged Linux admins to expedite securing vulnerable servers using the patches released by Polkit’s development team on their GitLab repository.

This is even more pressing given that, according to Qualys’ advisory, exploiting the PwnKit privilege escalation bug is possible without leaving traces on the compromised system.

 

 
 
 

See Also: So you want to be a hacker?
Complete Offensive Security and Ethical Hacking Course

 

 

 

Solutions

 

 
 

Federal agencies ordered to patch within 3 weeks

 

The US cybersecurity agency also gave all Federal Civilian Executive Branch Agencies (FCEB) agencies three weeks, until July 18, to patch their Linux servers against PwnKit and block exploitation attempts.

According to a binding operational directive (BOD 22-01) issued by CISA in November to reduce the risk of known exploited bugs across US federal networks, FCEB agencies must secure their systems against bugs added to the Known Exploited Vulnerabilities Catalog (KEV).

Even though this directive only applies to federal agencies, CISA also strongly urged all US organizations from the private and public sectors to prioritize patching this bug.

 
 
 
 
 

Trending: Internet scans find 1.6 million secrets leaked by websites

 

 

 

 

Trending: Recon Tool: JFScan

 

 

 

Are u a security researcher? Or a company that writes articles or write ups about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing?

If you want to express your idea in an article contact us here for a quote: [email protected]

 

 

Following the agency’s advice should reduce the attack surface threat actors can target in attacks designed to compromise unpatched servers and breach vulnerable networks.

CISA has also urged government agencies and private sector orgs using Microsoft Exchange to expedite the switch from Basic Auth legacy authentication methods to Modern Auth alternatives.

FCEB agencies were also advised to block Basic auth after migrating to Modern Auth as it makes it harder for threat actors to pull off password spray and credential stuffing attacks.

 

Trending: Write up: How to schedule tasks the right way in Linux, using crontab

 

Source: bleepingcomputer.com

Source Link

 

 

 


 

 

Merch

Share This