We’ve been made aware of a critical vulnerability in pkexec, which is found in a large number of major Linux distributions. This vulnerability has been present since pkexec’s introduction in May 2009.
What is pkexec?
pkexec is included by default in many distributions of Linux and allows a user to execute commands as another user, which effectively makes it a gatekeeper to administrative privileges on a system.
What is the vulnerability?
In this instance, a malicious actor could exploit pkexec to gain full (or root) permissions over a system running the vulnerable executable.
A proof-of-concept demonstration was created by Qualys and can be found here.
What can we do?
Patches are currently being developed for this vulnerability; for the moment, however, there are workarounds:
All others: Run “chmod 0755 /usr/bin/pkexec” to remove the SUID bit, a special permission that makes a file always execute as its owner (in this case root). Note: This is a temporary fix.
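
The workaround above as a check-then-apply script, added here as an example (it is not part of the original advisory or of Qualys's material). The function names and the --check/--apply arguments are assumptions of this example; the default path is the one given above.

```shell
#!/bin/sh
# Added example: audit and apply the temporary SUID workaround for pkexec.
# Default path is the one from the advisory; pass another path as $2 if your
# distribution installs pkexec elsewhere.
DEFAULT_PKEXEC=/usr/bin/pkexec

# pkexec_status [FILE] -> prints not-installed | suid-set | suid-cleared
pkexec_status() {
    target=${1:-$DEFAULT_PKEXEC}
    if [ ! -e "$target" ]; then
        echo "not-installed"
    elif [ -u "$target" ]; then      # -u: set-user-ID bit is set
        echo "suid-set"
    else
        echo "suid-cleared"
    fi
    return 0
}

# remove_suid [FILE] -> applies "chmod 0755" and verifies the bit is gone.
# Prints not-installed | already-mitigated | mitigated | failed.
remove_suid() {
    target=${1:-$DEFAULT_PKEXEC}
    if [ ! -e "$target" ]; then
        echo "not-installed"; return 1
    fi
    if [ ! -u "$target" ]; then
        echo "already-mitigated"; return 0
    fi
    # Needs root for the real binary, since the file is owned by root.
    if chmod 0755 "$target" 2>/dev/null && [ ! -u "$target" ]; then
        echo "mitigated"; return 0
    fi
    echo "failed"; return 2
}

# With no arguments the script only defines the functions and changes nothing.
case "${1:-}" in
    --check) pkexec_status "${2:-$DEFAULT_PKEXEC}" ;;
    --apply) remove_suid "${2:-$DEFAULT_PKEXEC}" ;;
esac
```

Run it with --check across a fleet first to see which hosts still report suid-set, then with --apply as root on those hosts.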