What’s the nature of the vulnerability?
pkexec is a utility that comes with PolKit (formerly PolicyKit) that allows a lower privileged user to run commands as root, similar to the more well-known sudo command. PolKit ships with many modern Linux distributions as part of a default installation, which what makes this particular vulnerability a concern. The bug has been hiding in plain sight as part of the project’s initial commit in 2009 until researchers from Qualys discovered it and covered it on their blog.
While not exploitable remotely, the vulnerability now dubbed PwnKit and tracked as CVE-2021-4034 makes a perfect complement to other remote RCE bugs such as Log4Shell which plagues Apache’s Log4j library. Once commands can be executed on a system as root, opportunities abound for compromising the host. POC code has already been published in several public repositories.
Qualys security researchers verified exploitation of the vulnerability and obtained full root privileges on default installations of Ubuntu, Debian, Fedora, and CentOS. While not all Linux distributions come with PolKit, it is wise to verify for whatever flavor you might be running.
bvoip has confirmed that we are not affected by this vulnerability.
