Dear blog readers,
On January 26, 2022, a vulnerability was found that applies to all Linux distributions. We would like to inform you about this as soon as possible. This vulnerability gives unprivileged users access to root privileges. It resides in the pkexec command. Qualys calls this exploit "pwnkit".
In the following paragraph you will also find links to any posts by the OS developers. Most affected distributions, including Debian (Stretch, Buster and Bullseye), Ubuntu (18.04, 20.04 and 21.10) and SUSE, already have updates, and there is an announcement from Red Hat for a patch. We recommend that you carry out the relevant updates as soon as possible.
For operating systems without an update, there is a workaround from Qualys that removes the SUID bit from pkexec and thus makes it harmless. You can apply this workaround with the command chmod 0755 /usr/bin/pkexec.
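The workaround above can be checked and applied with a small script. This is an added example, not code from Qualys or from this post; the function names and the --fix flag are illustrative, and only the path and the chmod mode come from the text.

```sh
#!/bin/sh
# Added example: audit and apply the SUID-removal workaround from the post.
# Function names and the --fix flag are illustrative, not part of any tool.

PKEXEC_PATH="/usr/bin/pkexec"   # path given in the post

# Print "absent", "suid-set" or "suid-cleared" for the given file.
suid_status() {
    if [ ! -e "$1" ]; then
        echo "absent"
    elif [ -u "$1" ]; then      # -u: set-user-ID bit is set
        echo "suid-set"
    else
        echo "suid-cleared"
    fi
}

# Apply the workaround (chmod 0755) and verify that the bit is gone.
# Returns 0 if the file ends up without the SUID bit, 1 otherwise.
apply_workaround() {
    case "$(suid_status "$1")" in
        absent)       echo "$1: not installed, nothing to do"; return 0 ;;
        suid-cleared) echo "$1: SUID bit already cleared"; return 0 ;;
    esac
    chmod 0755 "$1" || { echo "$1: chmod failed (run as root?)" >&2; return 1; }
    [ "$(suid_status "$1")" = "suid-cleared" ] || return 1
    echo "$1: SUID bit removed"
}

# Read-only report by default; pass --fix to change the file mode.
if [ "${1:-}" = "--fix" ]; then
    apply_workaround "$PKEXEC_PATH"
else
    echo "$PKEXEC_PATH: $(suid_status "$PKEXEC_PATH")"
fi
```

With the SUID bit cleared, pkexec can no longer elevate privileges for unprivileged users, so software that relies on it stops working until the bit is set again.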
If you have any further questions, we are at your disposal.
Your team from webtropia.com