Security researchers have found a privilege escalation vulnerability in pkexec, a tool that’s present by default on many Linux installations. The flaw, called PwnKit, could allow attackers to easily gain root privileges on systems if they have access to a regular user without administrative privileges.
Researchers from security firm Qualys who discovered and reported the vulnerability were able to confirm it is exploitable in default configurations on some of the most popular Linux distributions including Ubuntu, Debian, Fedora and CentOS. They believe others are likely impacted as well, since the vulnerable code has existed in pkexec since the tool’s first version, over 12 years ago.
More Stories
ForgeRock, Double Secret Octopus offer passwordless authentication for enterprises
ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help...
ForgeRock, Secret Double Octopus offer passwordless authentication for enterprises
ForegeRock is adding a new passwordless authentication capability, called Enterprise Connect Passwordless, to its flagship Identity Platform product to help...
Mispadu Trojan Steals 90,000+ Banking Credentials From Latin American Victims
These included a number of government websites: 105 in Chile, 431 in Mexico and 265 in Peru Read More
KillNet Group Uses DDoS Attacks Against Azure-Based Healthcare Apps
Microsoft said it saw between 40 and 60 daily attacks in February Read More
BreachForums Admin Arrested in New York
Conor Brian Fitzpatrick of Peekskill was apprehended last Wednesday following an FBI investigation Read More
CISA kicks off ransomware vulnerability pilot to help spot ransomware-exploitable flaws
Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) announced the launch of the Ransomware Vulnerability Warning Pilot (RVWP)...