Another Old Exploit Found in Many Linux Distros.



In this video I cover the recently uncovered polkit vulnerability that affects many desktop Linux distros such as Fedora, Ubuntu and Linux Mint.


30 thoughts on “Another Old Exploit Found in Many Linux Distros.”

  1. That's mostly GTK/GNOME's fault, as other DEs don't need polkit, have their own policy manager or can work with whatever policy manager you have available.

  2. 1. You need a machine that you have local access to or SSH.
    2. SSH is password protected, so one way or another you must be a user of the system in the first place.
    3. This bug is a local bug. No real danger for home users.
    4. In corporate server environments we do not even use a GUI nor the GNOME polkit shipped with GUI elements, so server-wise it is BS.
    5. But let's say you pull this off via GUI or SSH on a "company server", you will lose your job.
    6. Now you must tinker with logs to hide this incredible achievement of yours, but if you delete them completely,
    you put the IT department in a red alert state, so there is a slight chance if you only delete a few lines that point to your actions,
    and since it was found (the bug) it is already patched.
    Think twice before you start scaring people to get more views.
    Just because we do not use Gentoo we are not morons, do not treat us as such.

  3. It's probably used because it allows for more strict policy/permission control over one application. I have tried relying only on sudo and su. And many programs actually require it to be able to work as expected. The same goes for dbus, even though I did not need IPC.

  4. Linux: oh no, polkit is vulnerable, let me just run sudo dnf update
    Windows: oh no, something's broken (idk what), let me wait a few minutes for the check for updates button to refresh so I can restart my entire computer and wait another 5 minutes

  5. I think that Linux was meant to be a desktop OS, but because Windows/DOS was easier to use at the time, people stayed with Windows/DOS and only enterprises moved from paid Unix to free Linux

  6. Privilege escalation exploits on software that doesn't have the rights to manage privileges are exceedingly rare. If there's going to be one, it's going to be in one managing privileges. That's not odd, abnormal, or an exceptionally bad fail by any standard. It happens.

  7. 5:50 "(Linux was) originally meant to be a server (system)"
    What?? Linus made it for himself for desktop use. And although Linux took over servers, he said he regrets that it didn't take over personal computers.

  8. The most important thing to take away from this is keep your systems updated. The Linux teams are VERY good at patching exploits in a timely manner (Unlike Redmond), so as long as you keep everything up to date, you'll be fine.
