Rooted another OSCP machine this morning. There is no other exploit that has been more widespread and easy to leverage than pwnkit (CVE-2021-4034). I've simply lost count of the number of machines I've been able to use this on to get root access from a low-privilege account. For people who do this kind of stuff, this post is a cold take, but I just wanted to come here and state the obvious. #OSCP #pwnkit #polkit #CVE-2021-4034 #Linux #pkexec #setuid
From the Ubuntu website: "A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine."
#oscp #pwnkit #polkit #cve #linux #pkexec #setuid
#CISA warns of #hackers exploiting #PwnKit #Linux #vulnerability
To check whether or not your #RPM based distro is patched, try:
rpm -q --changelog polkit | grep -i cve
#cisa #hackers #pwnkit #linux #vulnerability #rpm #cve #CVE20214034 #polkit #security #cybersecurity
#pwnkit is the latest of named attacks across #linux systems. Do you think your #rhel servers may be at risk? Red Hat Insights is here to help! See what systems are vulnerable and deploy a patch all from one UI! #security https://www.redhat.com/en/blog/discover-and-remediate-security-vulnerabilities-faster-red-hat-insights
#pwnkit #security #linux #rhel
PwnKit, the Linux bug that gets you root https://korben.info/pwnkit-exploit.html #exploitlinux #Sécurité #pwnkit
#pwnkit #sécurité #exploitlinux
Zero-day exploit: PwnKit vulnerability allows root privileges on Linux https://www.computerbase.de/2022-01/zero-day-exploit-pwnkit-schwachstelle-erlaubt-root-rechte-unter-linux/ #PwnKit #Polkit #Linux #OpenSource
#pwnkit #polkit #linux #opensource
"PwnKit" security bug gets you root on most Linux distros - what to do - An elevation of privilege bug that could let a "mostly harmless" user give themselves a i... https://nakedsecurity.sophos.com/2022/01/26/pwnkit-security-bug-gets-you-root-on-most-linux-distros-what-to-do/ #vulnerability #cve-2021-4034 #pkexec #pwnkit #linux #eop
#eop #linux #pwnkit #pkexec #cve #vulnerability
RT @qualys
The #Qualys Research Team has discovered an easily exploitable memory corruption vulnerability (#Pwnkit) in polkit a SUID-root program that allows any unprivileged local user to gain root privileges on all major linux systems in its default configuration: https://fal.cn/3lCr6
If you don't have access to the patch (Bookworm for now, maybe or even probably very old RHEL boxes in production, with no possibility of updating because of some crappy, overpriced "pro" app that hasn't been maintained in 10 years…, or whatever), you can always remove the SETUID bit from pkexec as a temporary workaround. #pwnkit
Update your distros. The local-user privilege escalation flaw via #polkit/pkexec, #pwnkit, has had a patch since yesterday 5:00 PM UTC. Probably on a good number of distros, since the patch release was coordinated. In any case, definitely for Debian stable, oldstable and oldoldstable.
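Added example, not part of any post on this page: a small triage helper that combines the two checks mentioned above, the RPM changelog query for CVE-2021-4034 and the setuid bit on pkexec. The function names are hypothetical, and treating a changelog mention as "patched" is an assumption about how the packager records fixes.

```shell
#!/bin/sh
# Added example; pwnkit_status and pwnkit_live_check are hypothetical helper names.

# pwnkit_status CHANGELOG_TEXT PKEXEC_PATH
# Prints one of:
#   absent     - no pkexec binary at PKEXEC_PATH
#   patched    - changelog mentions CVE-2021-4034 (heuristic: assumes the
#                packager records the fix in the changelog)
#   mitigated  - no changelog entry, but the setuid bit has been removed
#   exposed    - no changelog entry and pkexec is still setuid
pwnkit_status() {
    changelog=$1
    pkexec_path=$2
    if [ ! -e "$pkexec_path" ]; then
        echo absent
    elif printf '%s\n' "$changelog" | grep -qi 'CVE-2021-4034'; then
        echo patched
    elif [ -u "$pkexec_path" ]; then
        echo exposed
    else
        echo mitigated
    fi
}

# Live check on an RPM-based host, using the rpm query quoted earlier on the page.
pwnkit_live_check() {
    pkexec_path=$(command -v pkexec || echo /usr/bin/pkexec)
    pwnkit_status "$(rpm -q --changelog polkit 2>/dev/null)" "$pkexec_path"
}
```

Source the file and run `pwnkit_live_check`. A `mitigated` result also means pkexec no longer works for legitimate users until the package is updated and the bit restored.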
"we note that #OpenBSD is not exploitable, because its kernel refuses to execve() a program if argc is 0."
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
#pwnkit #polkit #pkexec #itsec
#itsec #pkexec #polkit #pwnkit #openbsd
#pwnkit Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt #infosec