Uncovering a Major Linux PolicyKit Security Vulnerability: Pwnkit – Wheel – PSW #727



Qualys researcher, Wheel, will discuss the discovery of the 12 year old Linux vulnerability in PolicyKit – which Qualys had dubbed, PwnKit. Wheel will provide an overview of the vulnerability and then dive into a technical discussion of the research.

Segment Resources:

https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
Visit https://www.securityweekly.com/psw for all the latest episodes!

Full Episode Show Notes

Uncovering a Major Linux PolicyKit Security Vulnerability: Pwnkit – Wheel

Guests

. Wheel

. Wheel – Researcher at Qualys

“Wheel” is a member of the Qualys Research Team responsible for finding zero-days.

Hosts

Paul Asadoorian

Paul Asadoorian – Founder at Security Weekly

@securityweekly

Paul Asadoorian is the founder of Security Weekly, which was acquired by CyberRisk Alliance. Paul spent time “in the trenches” implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management. When not hacking together embedded systems (or just plain hacking them) or coding silly projects in Python, Paul can be found researching his next set of headphones.

Announcements

  • CRA’s Business Intelligence Unit has launched its next survey on Zero Trust! What are Your Barriers to Zero Trust Implementation? Take our survey and enter to win a $500 Tango card by visiting https://securityweekly.com/zerotrust. Report results will be released at our upcoming Zero Trust E-Summit in March!