OSG-SEC-2022-01-26 CRITICAL local privilege escalation in polkit's pkexec
Dear OSG Security Contacts,
A local privilege escalation in polkit's pkexec has been discovered. Polkit's pkexec is a setuid root program that's installed by default on every major Linux distribution. Exploitation of this vulnerability allows an unprivileged user to elevate their privileges to root on the system. Due to the widespread nature and the ease of exploitability, the OSG security team has categorized this as a CRITICAL severity vulnerability.
All major Linux distributions.
WHAT ARE THE VULNERABILITIES:
Polkit (formerly PolicyKit) is a component for controlling system-wide privileges in Unix-like operating systems.
any unprivileged local user can exploit this vulnerability to obtain full root privileges;
although this vulnerability is technically a memory corruption, it is exploitable instantly, reliably, in an architecture-independent way;
and it is exploitable even if the polkit daemon itself is not running.
WHAT YOU SHOULD DO:
Update to a patched version of polkit when available for your distribution.
If no patches are available for your operating system, you can remove the setuid bit from the pkexec executable as a temporary mitigation with the following command:
chmod 0755 /usr/bin/pkexec
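To confirm whether the temporary mitigation is in place on a host, the following script reports the state of the setuid bit on pkexec and applies the chmod above only when asked to. It is an added example, not part of the original advisory; the function names and the PKEXEC_PATH and APPLY variables are chosen for this example.

```shell
#!/bin/sh
# Added example: audit and optionally apply the temporary pkexec mitigation.
# PKEXEC_PATH and APPLY are variable names chosen for this example.

# Print "missing", "setuid" or "no-setuid" for the given file.
pkexec_status() {
    if [ ! -e "$1" ]; then
        echo "missing"
    elif [ -u "$1" ]; then      # -u is true when the setuid bit is set
        echo "setuid"
    else
        echo "no-setuid"
    fi
}

# Clear the setuid bit with the advisory's command, then re-check.
# Prints the resulting status; leaves the file alone if the bit is clear.
mitigate_pkexec() {
    if [ "$(pkexec_status "$1")" = "setuid" ]; then
        chmod 0755 "$1" || { echo "chmod-failed"; return 0; }
    fi
    pkexec_status "$1"
}

# Default run only reports; set APPLY=1 (as root) to apply the mitigation.
PKEXEC_PATH="${PKEXEC_PATH:-/usr/bin/pkexec}"
if [ "${APPLY:-0}" = "1" ]; then
    echo "$PKEXEC_PATH: $(mitigate_pkexec "$PKEXEC_PATH")"
else
    echo "$PKEXEC_PATH: $(pkexec_status "$PKEXEC_PATH")"
fi
```

A result of "setuid" means the mitigation has not been applied. Re-run the check after package operations, since reinstalling the polkit package restores the packaged file mode.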
Please contact the OSG security team at [email protected] if you have any questions or concerns.
OSG Security Team