What is the PwnKit Vulnerability?

Researchers at Qualys have revealed a now-patched vulnerability in a widely used security toolkit that’s included in almost every Linux distro.  Officially known as CVE-2021-4034, it has also been dubbed PwnKit for simpler reference. The vulnerability allows bad actors to gain unintended root access to an affected system.  Before we show you how to fix teh PwnKit security vulnerability, we want to give a brief summary for those who aren’t aware of the issue already.

The bugged code is part of the Linux Polkit software, a popular way of allowing regular apps, which don’t run with any special privileges, to interact safely with other software that need to have administrative access.  For example, if you have a file manager that lets you format removable drives, the file manager will often need to check with the operating system that you’re allowed to access those devices.

To summarize the issue, Qualys discovered a way to force polkit into reintroducing an environment variable that tricks the pkexec command into running a program of their choice before the program got as far as verifying whether their account was entitled to use pkexec at all.

Because pkexec is the equivalent of using the sudo command in practice, any program you can trick it into launching will inherit superuser privileges.

This means that any user who already has access to your system, even if they’re logged in under an account with almost no power at all, can use pkexec to promote themselves or other malicious code instantly to root user privileges.


How to Fix the PwnKit Vulnerbility

Thankfully, this is a severe enough issue that most Linux distros should have an update out already. You can (safely) run the following command to check what version of Polkit you have installed:


pkexec --version

You want 0.120 or later.  If your version is not 0.120 or higher, then you want to check for an update with apt-get update and then apt-get upgrade.  You should see Polkit in the upgrade list.  If you do, approve the upgrades when prompted and you’re all set, now your machine is protected against the PwnKit vulnerability.


We highly recommend that any users of our Bare Metal or VPS systems patch this vulnearbility as soon as possible.  Especially if there is more than one person accessing the system.   For future security advisors and updates, please like and follow us on Facebook and Twitter for the most up to date information or Signing Up for bi-weekly updates from us.