Hacking Linux is Easy with PwnKit
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added PwnKit as a high-severity Linux vulnerability to its list of actively exploited bugs.
Recorded as CVE-2021-4034, with a CVSS score of 7.8/10, PwnKit was discovered by Qualys in November 2021 and can be used by hackers to gain full root control over major Linux distributions.
The flaw is located in Polkit’s pkexec component used by most distributions (Ubuntu, Debian, CentOS, and others):
“[the command] allows an authorized user to execute PROGRAM as another user. If username is not specified, then the program will be executed as the administrative super user, root.”