According to Deutsche Telekom’s Red Team, which discovered the vulnerability, Linux distributions confirmed as affected include Ubuntu Desktop 18.04 (EOL), 24.04.4 (LTS), 26.04 (LTS beta), Ubuntu Server 22.04 – 24.04 (LTS), Debian Desktop Trixie 13.4, RockyLinux Desktop 10.1, Fedora 43 Desktop, and Fedora 43 Server.

“It is reasonable to assume that all distributions that ship PackageKit with it enabled are vulnerable. Since PackageKit is an optional dependency of the Cockpit project, many servers with Cockpit installed might be vulnerable as well, including Red Hat Enterprise Linux (RHEL),” Deutsche Telekom notes.

The company has refrained from sharing technical details on the flaw, noting that it is easily exploitable and that it could allow attackers to gain “root access or compromise the system in other ways”.

“Even though the vulnerability is reliably exploitable in seconds, it leaves traces that serve as a strong indicator of compromise. After successful exploitation, the PackageKit daemon hits an assertion failure and crashes. Systemd recovers the daemon on the next D-Bus invocation, preventing a denial-of-service, but the crash is observable in the system logs,” Deutsche Telekom says.

Pack2TheRoot was addressed in PackageKit version 1.3.5. Patches for it have also been included in recent Debian, Ubuntu, and Fedora updates.
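The crash indicator and the fixed version described above can be turned into a triage check. The following is an added example, not code from Deutsche Telekom or the PackageKit project. It assumes the assertion failure surfaces as systemd's standard abort message for the `packagekit.service` unit; the log lines are constructed, and the function names are hypothetical.

```python
import re

# Assumption: a failed assertion aborts the daemon (SIGABRT), which systemd
# records with its standard "Main process exited" message for the unit.
ABORT_RE = re.compile(
    r"packagekit\.service: Main process exited, "
    r"code=(?:killed|dumped), status=6/ABRT"
)
FIXED_UPSTREAM = (1, 3, 5)  # fixed PackageKit release named in the article

def find_packagekit_aborts(lines):
    """Return journal lines that record an abort of the PackageKit daemon."""
    return [line for line in lines if ABORT_RE.search(line)]

def upstream_tuple(pkg_version):
    """Extract the upstream part of a deb/rpm version, e.g. '1.3.4-1.fc43'."""
    m = re.match(r"(?:\d+:)?(\d+(?:\.\d+)*)", pkg_version)
    if not m:
        raise ValueError(f"unparseable version: {pkg_version!r}")
    return tuple(int(part) for part in m.group(1).split("."))

def needs_review(pkg_version):
    """True if the upstream version predates 1.3.5.

    Distributions backport fixes, so True means "check the distro advisory",
    not "confirmed vulnerable".
    """
    return upstream_tuple(pkg_version) < FIXED_UPSTREAM

# Constructed sample input (not real logs), in journalctl short format.
SAMPLE_JOURNAL = [
    "Jan 12 09:14:02 host1 PackageKit[2211]: daemon start",
    "Jan 12 09:14:07 host1 systemd[1]: packagekit.service: "
    "Main process exited, code=dumped, status=6/ABRT",
    "Jan 12 09:14:07 host1 systemd[1]: packagekit.service: "
    "Failed with result 'core-dump'.",
    "Jan 12 09:20:31 host1 systemd[1]: Starting packagekit.service - "
    "PackageKit Daemon...",
    "Jan 12 10:02:45 host1 systemd[1]: cups.service: "
    "Main process exited, code=killed, status=6/ABRT",
]

if __name__ == "__main__":
    for hit in find_packagekit_aborts(SAMPLE_JOURNAL):
        print("possible indicator:", hit)
    print("1.3.4-1.fc43 needs review:", needs_review("1.3.4-1.fc43"))
```

On a live host the same lines can be fed in from `journalctl -u packagekit.service --no-pager`. A hit is a lead for investigation rather than proof of exploitation, since the daemon can abort for unrelated reasons.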
Ionut Arghire is an international correspondent for SecurityWeek.
Source: SecurityWeek