[Bglug] new Linux vulnerability
Brad Rodriguez
brad at bradrodriguez.com
Thu Jan 27 10:48:27 EST 2022
Seems to require local access, so not an emergency for many of us, but
make sure your distro is up to date nevertheless:
A bug lurking for 12 years gives attackers root on most major Linux
distros
https://arstechnica.com/information-technology/2022/01/a-bug-lurking-for-12-years-gives-attackers-root-on-every-major-linux-distro/
"Linux users on Tuesday got a major dose of bad news—a 12-year-old
vulnerability in a system tool called Polkit gives attackers unfettered
root privileges on machines running most major distributions of the open
source operating system.
Previously called PolicyKit, Polkit manages system-wide privileges in
Unix-like OSes. It provides a mechanism for nonprivileged processes to
safely interact with privileged processes. It also allows users to
execute commands with high privileges by using a component called
pkexec, followed by the command."
--
brad at bradrodriguez.com
More information about the Group
mailing list