The PwnKit vulnerability: Overview, detection, and remediation

What's this blog post about?

On January 25, 2022, Qualys discovered a local privilege escalation vulnerability called PwnKit that affects PolicyKit's pkexec program, which is installed by default on many Linux distributions such as Ubuntu, Debian, Fedora, and CentOS. A proof-of-concept (PoC) exploit was published the same day. Because of its low barrier to entry, widespread scope, and default installation across many Linux distributions, attackers are likely to use this vulnerability to gain a privileged foothold in production and cloud workload environments. Major Linux distributions have released dedicated security bulletins to help mitigate the vulnerability. Datadog Cloud Workload Security monitors file and process activity in real time at the kernel level, providing immediate defense by detecting attempts to exploit the PwnKit vulnerability.

Company
Datadog

Date published
Jan. 28, 2022

Author(s)
Zack Allen, Christophe Tafani-Dereeper, Matt Mills

Word count
996

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.