
Overview

A local privilege escalation vulnerability has been identified in most major Linux operating system distributions allowing a local user to easily gain root access to a local system.

The vulnerability is a local privilege escalation which means a malicious actor will require local access to the Linux device in order to gain complete root (‘administrative’) access.

This advisory is primarily aimed at businesses; however, any Linux user should be aware of this vulnerability and apply any patches and updates when available.

Detail

The vulnerability is in a very common Linux component (Polkit’s ‘pkexec’) and, based on reports from a number of security researchers, there is a high likelihood that this component is present on your Linux devices.

The vulnerability has been assigned a CVSS score of 7.8. More information about the vulnerability (CVE-2021-4034) can be found here: https://access.redhat.com/security/cve/CVE-2021-4034

Linux-based operating systems are ubiquitous, being used in a vast array of Internet of Things (IoT) and smart devices, Industrial Control Systems (ICS) and SCADA technologies. It may not be obvious that you have these systems in operation, but it is very important that they are included in the management of your organisation’s security processes.

Recommended Action

  • Patches for affected Linux distributions are not yet widespread; however, Proofs of Concept (PoC) are already being shared online. It is expected that distro vendors will release patches for this issue sooner rather than later – monitor for patch releases on your affected distributions and apply them as soon as practicable.

  • In some cases, there may be mitigation guidance available (e.g. ‘chmod 0755 /usr/bin/pkexec’) in the absence of any patch – if patching is not possible, apply a mitigating measure.

  • Frequently monitor and review security updates for all of your systems and devices. Implement security patches as soon as practicable. Set your devices to update automatically wherever possible.

  • It is good practice to back up your system and/or important files before installing any major updates.

  • Take a look at the ‘5 Steps to Cyber Security’ guidance on our Advice & Guidance page for more guidance on how to better protect your organisation.
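
The ‘chmod 0755 /usr/bin/pkexec’ mitigation above works by clearing the setuid bit on the binary. The following script is an added example, not part of the original advisory: it reports whether that bit is still set on the paths you give it and can apply and verify the mitigation. The function names and the script name are illustrative.

```shell
#!/bin/sh
# Added example: audit the setuid bit that the advisory's mitigation removes.
# Function names are illustrative; paths are passed in by the caller.

# Print the state of one pkexec path: absent | setuid | mitigated
pkexec_state() {
    if [ ! -e "$1" ]; then
        echo absent
    elif [ -u "$1" ]; then      # test -u: set-user-ID bit is set
        echo setuid
    else
        echo mitigated
    fi
}

# Apply the advisory's 'chmod 0755' to a path that is still setuid,
# then re-check so a failed chmod is not reported as success.
apply_mitigation() {
    [ "$(pkexec_state "$1")" = setuid ] || return 0
    chmod 0755 "$1" || return 1
    [ "$(pkexec_state "$1")" = mitigated ]
}

# Report every path given; return 1 if any is still setuid.
audit_pkexec() {
    rc=0
    for p in "$@"; do
        s=$(pkexec_state "$p")
        echo "$p: $s"
        if [ "$s" = setuid ]; then rc=1; fi
    done
    return "$rc"
}

# Usage: sh pkexec_audit.sh /usr/bin/pkexec   (report only, changes nothing)
if [ "$#" -gt 0 ]; then
    audit_pkexec "$@"
fi
```

With the setuid bit removed, pkexec stops working for legitimate users until the patched package is installed. Re-run the report after package updates, as reinstalling the package can restore the original file mode.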

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
