Qualys Uncovers Major Linux Vulnerability

Security company Qualys has uncovered a dangerous memory corruption vulnerability in Polkit’s pkexec, CVE-2021-2034. Polkit, formerly known as PolicyKit, ships its SUID-root pkexec program installed by default in every major Linux distribution. The easily exploited flaw allows any unprivileged user to gain full root privileges on a vulnerable host in its default configuration.

Yan Michalevsky, CTO and Co-founder of Anjuna Security, had this to say:

“The pkexec vulnerability and other similar zero-days exacerbate the need for protecting sensitive applications and data. With options like Confidential Computing and secure enclaves, although attackers could gain elevated privileges using the pkexec vulnerability, they would not be able to access protected workloads. Secure enclaves can essentially provide future-proof protection against such newly disclosed OS vulnerabilities.”

Linux is very popular in enterprises worldwide. Companies therefore need to review their exposure and, if no patch is yet available for their Linux distribution, apply the temporary mitigation outlined in the Qualys report.