Lab: PwnKit

The goal of this step is to understand the history of this vulnerability.

A researcher at Qualys discovered a vulnerability in the polkit Authorization manager software installed on most linux distributions.
- This vulnerability is part of the original software release and has been in existence for over 12 years.
- This vulnerability allows an escalation of privilege attack.
The company alerted redhat, the maintainer of the software on 11/18/2021
The company then announced the exploit to the world on 1/25/2022
- see this blog entry
On that day, many tech journals carried the story
- ZDNet
- Security Week
By the end of the day on 1/25, at least one github repo had been established with code to exploit the vulnerability.
A full report is available here.