I found out this morning about the local vulnerability that affects virtually every Linux distribution since May of 2009. It is not vulnerable remotely (thank goodness), yet, a person with local privileges could quickly get full root privileges, if they so desired.
The National Security Agency (NSA) Cybersecurity Director Rob Joyce noted on Twitter that the bug, he said, "has me concerned." He said: "Easy and reliable privilege escalation preinstalled on every major Linux distribution. Patch ASAP or use the simple chmod 0755 with /usr/bin/pkexec mitigation." So what he's saying there is fix your distro. Or if for some reason you can't, then use the chmod command. That 0755 sets
the permissions to standard executable, not an SUID executable on that program. And he said, he finished his tweet: "There are working proofs of concept in the wild." (Source: Security Now Episode 856 with Steve Gibson)
Here is the Qualys announcement, they ‘rediscovered’ the vulnerability, as an Australian hacker named Ryan Mallon did discover it and published it on December 16th 2013.
If you already know about it, great. If not, then there are patches available.
Dr. Jan Shuyler Buitron
Senior Cybersecurity Systems Engineer
Doctorate of Computer Science in Cybersecurity
Master of Science in Cybersecurity, Valedictorian
CISSP, MCSE, ITIL v3