A Local Privilege Escalation (from any user to root) in polkit's pkexec, a SUID-root program that is installed by default on every major Linux distribution. It has been exploited on Ubuntu, Debian, Fedora, and CentOS; other distributions are probably also exploitable. pkexec has been vulnerable since its creation in May 2009 (commit c8c3d83, "Add a pkexec(1) command"). Any unprivileged local user can exploit this vulnerability to obtain full root privileges. Although this vulnerability is technically a memory corruption, it is exploitable instantly, reliably, and in an architecture-independent way. It is exploitable even if the polkit daemon itself is not running.
Vulnerable Product |
---|
polkit project polkit |
redhat enterprise linux desktop 7.0 |
redhat enterprise linux workstation 7.0 |
redhat enterprise linux for scientific computing 7.0 |
redhat enterprise linux server 7.0 |
redhat enterprise linux for power little endian 7.0 |
redhat enterprise linux server 6.0 |
redhat enterprise linux for power big endian 7.0 |
redhat enterprise linux for ibm z systems 7.0 |
redhat enterprise linux server aus 7.3 |
redhat enterprise linux server aus 7.4 |
redhat enterprise linux server tus 7.6 |
redhat enterprise linux server aus 7.6 |
redhat enterprise linux 8.0 |
redhat enterprise linux server aus 7.7 |
redhat enterprise linux server tus 7.7 |
redhat enterprise linux eus 8.2 |
redhat enterprise linux server tus 8.2 |
redhat enterprise linux server aus 8.2 |
redhat enterprise linux server tus 8.4 |
redhat enterprise linux server aus 8.4 |
redhat enterprise linux server update services for sap solutions 8.2 |
redhat enterprise linux server update services for sap solutions 8.4 |
redhat enterprise linux server update services for sap solutions 8.1 |
redhat enterprise linux for power little endian eus 8.2 |
redhat enterprise linux for ibm z systems eus 8.2 |
redhat enterprise linux for power little endian eus 8.1 |
redhat enterprise linux for power little endian 8.0 |
redhat enterprise linux for ibm z systems eus 8.4 |
redhat enterprise linux for ibm z systems 8.0 |
redhat enterprise linux for power little endian eus 8.4 |
redhat enterprise linux server eus 8.4 |
redhat enterprise linux server update services for sap solutions 7.7 |
redhat enterprise linux server update services for sap solutions 7.6 |
canonical ubuntu linux 18.04 |
canonical ubuntu linux 14.04 |
canonical ubuntu linux 20.04 |
canonical ubuntu linux 16.04 |
canonical ubuntu linux 21.10 |
suse manager server 4.1 |
suse linux enterprise workstation extension 12 |
suse linux enterprise desktop 15 |
suse enterprise storage 7.0 |
suse manager proxy 4.1 |
suse linux enterprise high performance computing 15.0 |
suse linux enterprise server 15 |
oracle http server 12.2.1.3.0 |
oracle http server 12.2.1.4.0 |
oracle zfs storage appliance kit 8.8 |
siemens sinumerik edge |
siemens scalance_lpe9403_firmware |
starwindsoftware starwind virtual san v8 |
starwindsoftware starwind hyperconverged appliance - |
starwindsoftware command center 1.0 |

What happens when argc is zero and a SUID program doesn't care? Let's find out!
Linux vendors on Tuesday issued patches for a memory corruption vulnerability in a component called polkit that allows an unprivileged logged-in user to gain full root access on a system in its default configuration. Security vendor Qualys found the flaw and published details in a coordinated disclosure. Polkit, previously known as PolicyKit, is a tool for setting up policies governing how unprivileged processes interact with privileged ones. The vulnerability resides within polkit's pkexec, a...