Polkit, formerly known as PolicyKit, is a tool embedded in most major Linux distributions. It has recently been found vulnerable to a local privilege escalation vulnerability. All previously released versions are vulnerable and should be updated to prevent attackers from easily getting full root access on targetted machines. We’ve covered all the details in our Polkit vulnerability blog post.
The report below provides an overview of all Linux machines where the software “polkit” has been found. It also lists the specific version of Polkit installed. Since every Linux distribution version includes specific Polkit version, it is recommended to check on the distribution’s website which version of polkit includes a fix.
Polkit Vulnerability Query
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tsysAssetTypes.AssetTypename As AssetType,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblSoftwareUni.softwareName As Software,
tblLinuxSoftware.Version As Version,
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblLinuxSystem.OSRelease As OS,
tblLinuxSystem.KernelRelease,
tblAssets.Lastseen,
tblAssets.Lasttried,
tblLinuxSoftware.LastChanged
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblLinuxSoftware On tblAssets.AssetID = tblLinuxSoftware.AssetID
Inner Join tblSoftwareUni On
tblSoftwareUni.SoftID = tblLinuxSoftware.SoftwareUniID
Inner Join tblLinuxSystem On tblAssets.AssetID = tblLinuxSystem.AssetID
Where tblSoftwareUni.softwareName Like 'polkit' And tblState.Statename = 'Active'
Order By tblAssets.Domain,
tblAssets.AssetName,
Software
