[Bglug] new Linux vulnerability

Brad Rodriguez brad at bradrodriguez.com
Thu Jan 27 10:48:27 EST 2022


Seems to require local access, so not an emergency for many of us, but
make sure your distro is up to date nevertheless:

A bug lurking for 12 years gives attackers root on most major Linux
distros
https://arstechnica.com/information-technology/2022/01/a-bug-lurking-for-12-years-gives-attackers-root-on-every-major-linux-distro/

"Linux users on Tuesday got a major dose of bad news—a 12-year-old
vulnerability in a system tool called Polkit gives attackers unfettered
root privileges on machines running most major distributions of the open
source operating system.

Previously called PolicyKit, Polkit manages system-wide privileges in
Unix-like OSes. It provides a mechanism for nonprivileged processes to
safely interact with privileged processes. It also allows users to
execute commands with high privileges by using a component called
pkexec, followed by the command."

-- 
brad at bradrodriguez.com



More information about the Group mailing list