PwnKit, or How 12-Year-Old Code Can Give Root To Unprivileged Users

This article has been indexed from DZone Security Zone

It looks like IT teams have no respite. Following all the hassles caused by Log4j (and its variants), there is a new high-profile, high-risk vulnerability making the rounds. CVE-2021-4034, or PwnKit if you’re into fancy CVE nicknames, is a polkit vulnerability that lets unprivileged users gain root privileges on basically any Linux system out there that has polkit installed.

NOTE: Patches are now available for Centos6, Oracle6, CL6, Ubuntu16, and Centos8.4 with more to follow. You can track actual distribution support through a CVE dashboard here.
