Vulnerability in PolicyKit allows you to execute any command on Linux systems


An authentication bypass vulnerability has been found in PolicyKit, the software platform for managing administrative policies and privileges. It allows a low-privileged user with a UID value greater than 2147483647 to successfully execute any systemctl command on Linux systems.
The vulnerability, which received the identifier CVE-2018-19788, affects PolicyKit (polkit) version 0.115, which is preinstalled in most popular Linux distributions, including Red Hat, Debian, Ubuntu, and CentOS. The problem is caused by incorrect handling in PolicyKit of UIDs with a value greater than INT_MAX.
Security researcher Rich Mirch has published PoC code on GitHub that demonstrates exploitation of the vulnerability. The problem is fixed in version 0.105-18+deb9u1. The Red Hat developers are preparing a corresponding patch, and in the meantime recommend not using identifiers with a value greater than 2147483646.
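
One way to act on the interim recommendation above is to audit the account database for UIDs above 2147483646. The script below is an added example, not part of the original article or of the published PoC; the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag accounts whose UID is above the limit the article
# recommends staying under until a patched polkit is installed.

# Highest UID the article gives as safe to use (interim recommendation).
UID_LIMIT=2147483646

# Read passwd-format records on stdin and print "name:uid" for every
# account whose UID is above UID_LIMIT. Comment lines, short records and
# records with a non-numeric UID field are skipped.
find_high_uids() {
    awk -F: -v limit="$UID_LIMIT" '
        /^#/ || NF < 7          { next }   # comment or truncated record
        $3 !~ /^[0-9]+$/        { next }   # UID field must be all digits
        ($3 + 0) > (limit + 0)  { print $1 ":" $3 }
    '
}

# Constructed sample records (not taken from a real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc_batch:x:2147483646:2147483646::/nonexistent:/usr/sbin/nologin
edgeuser:x:2147483647:2147483647::/home/edgeuser:/bin/bash
bigid:x:4000000000:4000000000::/home/bigid:/bin/bash
broken:x:notanumber:100::/home/broken:/bin/sh
EOF
}

# Run the audit over the sample records and list the accounts to review.
sample_passwd | find_high_uids
```

On a live system, pipe `getent passwd` into `find_high_uids` instead of the sample so that accounts from directory sources that support enumeration are checked along with `/etc/passwd`.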
