Reported yesterday, PwnKit is a Linux vulnerability that allows unprivileged users to gain full root privileges. Servers that we manage have all been patched now.
Yesterday (NZ time), researchers at Qualys released information about a Linux vulnerability that they have dubbed Pwnkit.
“The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration…
“Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu, Debian, Fedora, and CentOS. Other Linux distributions are likely vulnerable and probably exploitable. This vulnerability has been hiding in plain sight for 12+ years and affects all versions of pkexec since its first version in May 2009.”
Countless Linux servers around the world are affected, including ones here at SiteHost. Despite this bug’s longevity, we haven’t detected any evidence of successful exploits or malicious uses of it.
Patching of managed servers is complete
Since we first became aware of Pwnkit our team has been hard at work.
- All Cloud Container servers are now patched.
- All managed Linux servers are now patched.
If you manage your own servers, act now
We have not patched unmanaged Linux servers. If you have Linux servers that you manage yourself, and especially if those servers have shared SSH access, this is a critical vulnerability that needs to be patched as soon as possible.
Depending on your Linux distro, this can be a simple job. If you are running the latest LTS version of Ubuntu (20.04) for example, you only need to run a standard system update.
Is it time to talk with us about Server Management?
Vulnerabilities like Pwnkit reveal the true benefits of our Server Management. Plenty of SiteHost customers will only have heard of this vulnerability after our team has already secured their infrastructure against it.
If you’d like to talk with us about adding Server Management, we’re always ready to hear from you. Call 0800 484 537, or see how else you can get in touch.