Close Menu
  • Home
  • Identity
  • Inventions
  • Future
  • Science
  • Startups
  • Spanish
What's Hot

Langchain is about to become a unicorn, sources say

Hackers use leaked shelter tool licenses to spread Lumma Stealer and Sectoprat malware

Anatsa Android Banking Trojan hits 90,000 users with fake PDF apps on Google Play

Facebook X (Twitter) Instagram
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
Facebook X (Twitter) Instagram
Fyself News
  • Home
  • Identity
  • Inventions
  • Future
  • Science
  • Startups
  • Spanish
Fyself News
Home » New Linux flaws allow full root access via PAM and UDISK via main distribution
Identity

New Linux flaws allow full root access via PAM and UDISK via main distribution

userBy userJune 19, 2025No Comments2 Mins Read
Share Facebook Twitter Pinterest Telegram LinkedIn Tumblr Email Copy Link
Follow Us
Google News Flipboard
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link

June 19, 2025Ravi LakshmananLinux/Vulnerability

Cybersecurity researchers have discovered two local privilege escalation (LPE) flaws that can be exploited to gain root privileges on machines running major Linux distributions.

The vulnerabilities discovered by qualys are listed below –

CVE-2025-6018-Suse 15 Plugable Authentication Module (PAM) CVE-2025-6019 to lpe_active in libblockdev to root lpe_active in libblockdev

“These modern ‘local to root’ exploits have broken the gap between normal logged in users and full system acquisitions,” says Saeed Abbasi, senior manager at Qualys Threat Research Unit (TRU).

Cybersecurity

“By checking for legitimate services such as Udisks Loop-Mounts and PAM/Environment Quirks, attackers who own active GUI or SSH sessions can appear as root in seconds, past Polkit’s Allow_active Trust Zone.”

Cybersecurity companies say that CVE-2025-6018 exists in PAM configurations for OpenSuse Leap 15 and Suse Linux Enterprise 15, allowing special local attackers to be promoted to “Allow_active” users reserved for users with physical presence and can invoke the Polkit action.

Meanwhile, CVE-2025-6019 affects LibblockDev and is exploitable via the UDISKS daemon, which is included by default in most Linux distributions. Essentially, “Allow_Active” users can obtain full route privileges by chaining on CVE-2025-6018.

“Nominally requires the ‘Allow_active’ privilege, but Udisks ships by default to almost all Linux distributions, so almost every system is vulnerable,” Abbasi added. “The techniques for obtaining “Allow_active” including the PAM issues disclosed here further denies that barrier. ”

Once route privileges are obtained, attackers have Cult Blanche access to the system, allowing them to be used as a springboard for a wider range of Compremise actions, including changing security controls and embedding backdoors for secret access.

Qualys said it has developed a proof of concept (POC) exploit to check the existence of these vulnerabilities in a variety of operating systems, including Ubuntu, Debian, Fedora and Opensuse Leap 15.

To mitigate the risks posed by these defects, it is essential to apply patches provided by Linux distribution vendors. As a temporary workaround, the user changes the polkit rule for “org.freedesktop.udisks2.modify-device” to request administrator authentication (“auth_admin”).

Defects disclosed in Linux Pam

This disclosure comes when Linux PAM maintainers resolve high-strength past traversal defects (CVE-2025-6020, CVSS score: 7.8) that could allow local users to escalate to root their privileges. This issue has been fixed in version 1.7.1.

Cybersecurity

“The Linux-PAM module PAM_NamesPace <= 1.7.0 allows access to user-controlled paths without proper protection. This allows local users to increase their privileges through multiple Symlink attacks and racial conditions."

Linux systems are vulnerable when using pam_namespace to set up Polyinantiated Directories with a path to a Polyinantiated Directory or Instance directory under user control. As a workaround for CVE-2025-6020, users can disable PAM_NamesPace or confirm that it does not work with user-controlled paths.

Olivier Bal-Petre of Anssi, who reported the defect to the maintainer on January 29, 2025, said that users should also update their names. If you are using what was provided by the distribution to allow one of the two paths to be safely manipulated as root, you need to write a script.

Did you find this article interesting? Follow us on Twitter and LinkedIn to read exclusive content you post.

Source link

Follow on Google News Follow on Flipboard
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Previous ArticleThe government says Harvard researchers accused of smuggling frog embryos have brought “biological materials”
Next Article Map: Where Senate Republicans want to sell your public land
user
  • Website

Related Posts

Hackers use leaked shelter tool licenses to spread Lumma Stealer and Sectoprat malware

July 8, 2025

Anatsa Android Banking Trojan hits 90,000 users with fake PDF apps on Google Play

July 8, 2025

Malicious Pull Request Targets Over 6,000 Developers Target via Vulnerable Escode vs Code Extensions

July 8, 2025
Add A Comment
Leave A Reply Cancel Reply

Latest Posts

Langchain is about to become a unicorn, sources say

Hackers use leaked shelter tool licenses to spread Lumma Stealer and Sectoprat malware

Anatsa Android Banking Trojan hits 90,000 users with fake PDF apps on Google Play

The latest update for Mastodon prepares quote posts, Revamps Design app

Trending Posts

Subscribe to News

Subscribe to our newsletter and never miss our latest news

Please enable JavaScript in your browser to complete this form.
Loading

Welcome to Fyself News, your go-to platform for the latest in tech, startups, inventions, sustainability, and fintech! We are a passionate team of enthusiasts committed to bringing you timely, insightful, and accurate information on the most pressing developments across these industries. Whether you’re an entrepreneur, investor, or just someone curious about the future of technology and innovation, Fyself News has something for you.

Robots Play Football in Beijing: A Glimpse into China’s Ambitious AI Future

TwinH: A New Frontier in the Pursuit of Immortality?

Meta’s Secret Weapon: The Superintelligence Unit That Could Change Everything 

Unlocking the Power of Prediction: The Rise of Digital Twins in the IoT World

Facebook X (Twitter) Instagram Pinterest YouTube
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
© 2025 news.fyself. Designed by by fyself.

Type above and press Enter to search. Press Esc to cancel.