New ‘Pack2TheRoot’ flaw gives hackers root Linux access
Summary
A new vulnerability named Pack2TheRoot has been discovered in the PackageKit daemon for Linux. This flaw could allow local users to gain root privileges by installing or removing system packages. The vulnerability has been addressed in recent updates of PackageKit.
IFF Assessment
This vulnerability allows local attackers to escalate privileges, which is detrimental to system security.
Severity
The vulnerability allows local privilege escalation (Attack Vector: Local), has a high impact on integrity and privileges (Privileges Required: Low, User Interaction: None, Scope: Changed, Impact: High), and is likely easy to exploit given the nature of privilege escalation flaws.
Defender Context
Defenders should ensure that PackageKit is updated to the latest version to mitigate the Pack2TheRoot vulnerability. This flaw highlights the importance of timely patching of system daemons, even those seemingly benign, as they can be leveraged for privilege escalation.