New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions
New Linux Flaws Enable Full Root Access via PAM and Udisks Across Major Distributions
thehackernews.com
Just a moment...
19 comments
-
-
By chaining legitimate services such as udisks loop-mounts and PAM/environment quirks, attackers who own any active GUI or SSH session can vault across polkit's allow_active trust zone and emerge as root in seconds.
I recognize a few of those words.
-
Basically it's two vulns chained; first one gives a remote user privileges that a physically present user would get, in order to do things like put a thumbdrive in and have it mount. Then that udisks privilege can be subverted to escalate that level to root. So as long as you can start a remote session, you can pull root and it doesn't even look that hard.
-
-
While this is a risk, it is only a real risk if the system is already exploited for regular user access. Or if there is an untrustworthy user of the system. So for most, it is not a major concern.
-
Can this be used to root Android phones?
If yes, it canbe useful. If not, it's potentially problematic
-
Or ditch udisks in favour of pmount (or udevil?), which shouldn't be affected as far as I can tell. That will get you a few months' grace before a similar problem pops up there.
19 comments
It's an LPE, and doesn't allow full root access to anyone who isn't already a user.
Are you saying LPEs aren't a security hazard?
Nope. Just pointing out an alarmist headline.