What you need to know about major Linux vulnerability, PwnKit

Reported yesterday, PwnKit is a Linux vulnerability that allows unprivileged users to gain full root privileges. Servers that we manage have all been patched now.

Max | Jan 27, 2022 | News

Yesterday (NZ time), researchers at Qualys released information about a Linux vulnerability that they have dubbed PwnKit.

“The Qualys Research Team has discovered a memory corruption vulnerability in polkit’s pkexec, a SUID-root program that is installed by default on every major Linux distribution. This easily exploited vulnerability allows any unprivileged user to gain full root privileges on a vulnerable host by exploiting this vulnerability in its default configuration…

“Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu, Debian, Fedora, and CentOS. Other Linux distributions are likely vulnerable and probably exploitable. This vulnerability has been hiding in plain sight for 12+ years and affects all versions of pkexec since its first version in May 2009.”

Countless Linux servers around the world are affected, including ones here at SiteHost. Despite this bug’s longevity, we haven’t detected any evidence of successful exploits or malicious uses of it.

Patching of managed servers is complete

Since we first became aware of PwnKit, our team has been hard at work.

If you manage your own servers, act now

We have not patched unmanaged Linux servers. If you have Linux servers that you manage yourself, and especially if those servers have shared SSH access, this is a critical vulnerability that needs to be patched as soon as possible.

Depending on your Linux distro, this can be a simple job. If you are running the latest LTS version of Ubuntu (20.04) for example, you only need to run a standard system update.
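To confirm the state of a server before and after that update, the following added example (not SiteHost's or Qualys's tooling) reports whether pkexec is present as a setuid binary and which polkit package version is installed, so you can compare it with your distribution's security advisory. The candidate paths, the package names `policykit-1` and `polkit`, and the output labels are assumptions.

```shell
#!/bin/sh
# Added example: audit pkexec on a self-managed Linux server.
# A patched pkexec is still setuid, so the setuid state only tells you the
# binary is present and privileged; the package version confirms the patch.

# Classify one candidate path: absent | setuid | no-setuid
pkexec_state() {
    if [ ! -e "$1" ]; then
        echo absent
    elif [ -u "$1" ]; then      # -u: file exists and has the set-user-ID bit
        echo setuid
    else
        echo no-setuid
    fi
}

# Count how many of the given paths are setuid binaries
count_setuid() {
    n=0
    for p in "$@"; do
        if [ "$(pkexec_state "$p")" = setuid ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Print the installed polkit package and version (package names are assumptions:
# policykit-1 on Debian/Ubuntu, polkit on Fedora/CentOS)
polkit_pkg_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Package} ${Version}\n' policykit-1 2>/dev/null
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q polkit 2>/dev/null
    fi
}

# Candidate install locations (assumed; adjust for your distribution)
for path in /usr/bin/pkexec /usr/local/bin/pkexec; do
    echo "$path: $(pkexec_state "$path")"
done
echo "setuid pkexec binaries found: $(count_setuid /usr/bin/pkexec /usr/local/bin/pkexec)"
polkit_pkg_version || echo "polkit package not found via dpkg-query or rpm"
```

Run it once before updating and again afterwards; the version line should change to the release your distribution lists as fixed.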

Is it time to talk with us about Server Management?

Vulnerabilities like PwnKit reveal the true benefits of our Server Management. Plenty of SiteHost customers will only have heard of this vulnerability after our team has already secured their infrastructure against it.

If you’d like to talk with us about adding Server Management, we’re always ready to hear from you. Call 0800 484 537, or see how else you can get in touch.
