The PwnKit vulnerability: Overview, detection, and remediation
On January 25, 2022, Qualys discovered a local privilege escalation vulnerability called PwnKit that affects PolicyKit's pkexec program installed by default on many Linux distributions such as Ubuntu, Debian, Fedora, and CentOS. A proof of concept (PoC) exploit was published the same day. Due to its low barrier to entry, widespread scope, and default installation across many Linux distributions, it is likely that attackers will use this vulnerability to gain a privileged foothold on production and cloud workload environments. Major Linux distributions have released dedicated security bulletins to help mitigate the vulnerability. Datadog Cloud Workload Security monitors file and process activity in real time at the kernel level, providing immediate defense by detecting exploitation attempts of the PwnKit vulnerability.
Company
Datadog
Date published
Jan. 28, 2022
Author(s)
Zack Allen, Christophe Tafani-Dereeper, Matt Mills
Word count
996
Language
English
Hacker News points
None found.