{"id":250640,"date":"2026-05-20T10:15:00","date_gmt":"2026-05-20T14:15:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/20\/pardus-linux-local-privilege-escalation-flaw-allows-silent-root-access\/"},"modified":"2026-05-20T14:35:16","modified_gmt":"2026-05-20T18:35:16","slug":"pardus-linux-local-privilege-escalation-flaw-allows-silent-root-access","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/20\/pardus-linux-local-privilege-escalation-flaw-allows-silent-root-access\/","title":{"rendered":"Pardus Linux Local Privilege Escalation Flaw Allows Silent Root Access"},"content":{"rendered":"<p><a href=\"https:\/\/cybersecuritynews.com\/pardus-linux-privilege-escalation-flaw\/\">Pardus Linux Local Privilege Escalation Flaw Allows Silent Root Access<\/a><\/p>\n<p><a href=\"https:\/\/cybersecuritynews.com\/pardus-linux-privilege-escalation-flaw\/\">https:\/\/cybersecuritynews.com\/pardus-linux-privilege-escalation-flaw\/<\/a><\/p>\n<p>Publish Date: 2026-05-20 10:15:00<\/p>\n<p>Source Domain: <a href=\"https:\/\/cybersecuritynews.com\/\">cybersecuritynews.com<\/a><\/p>\n<p>A critical vulnerability chain affecting Pardus Linux has been disclosed, allowing local users to gain full root privileges without authentication.<\/p>\n<p>The issue, assigned a CVSS v3.1 score of 9.3, impacts the pardus-update package, a core component responsible for system updates in the Debian-based distribution maintained by T\u00dcB\u0130TAK.<\/p>\n<p>Pardus is widely deployed across government institutions, educational environments, and enterprise systems in Turkey, making this flaw particularly significant in shared and multi-user environments.<\/p>\n<p>Security researcher \u00c7a\u011fr\u0131 Eser (0xc4gr1) identified that the issue is not a single bug, but a combination of three weaknesses that together enable complete system compromise.<\/p>\n<p>These include a PolicyKit (Polkit) misconfiguration, a carriage 
return-line feed (CRLF) injection flaw, and an untrusted file path vulnerability.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-pardus-linux-privilege-escalation-flaw\"><strong>Pardus Linux Privilege Escalation Flaw<\/strong><\/h2>\n<p>The first issue lies in the Polkit policy configuration. Critical update actions, such as aptupdateaction and autoaptupgradeaction, were configured with \u201callow_any=yes,\u201d allowing any user to execute privileged operations without authentication.<\/p>\n<p>This effectively grants passwordless root execution of backend Python scripts via pkexec.<\/p>\n<p>The second flaw exists in the SystemSettingsWrite.py script, which writes user-controlled input into a configuration file.<\/p>\n<p>While newline characters are filtered, carriage return characters are not. This allows attackers to inject arbitrary configuration entries into \/etc\/pardus\/pardus-update.conf.<\/p>\n<p>By crafting a malicious input, attackers can insert a custom APT source path pointing to a file under their control.<\/p>\n<p>The third issue arises in AutoAptUpgrade.py, which processes the manipulated configuration.<\/p>\n<p>The script blindly copies attacker-supplied APT source files into \/etc\/apt\/sources.list.d\/ without validation. 
This enables attackers to introduce a malicious repository and trigger package installation as&#8230;<\/p>\n<p><a href=\"https:\/\/cybersecuritynews.com\/pardus-linux-privilege-escalation-flaw\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Pardus Linux Local Privilege Escalation Flaw Allows Silent Root Access https:\/\/cybersecuritynews.com\/pardus-linux-privilege-escalation-flaw\/ Publish Date: 2026-05-20 10:15:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":250641,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"http:\/\/cybersecuritynews.com\/wp-content\/uploads\/2026\/05\/Pardus-Linux-Local-Privilege-Escalation-Flaw-Allows-Silent-Root-Access.webp","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[91,89,71,57,27],"class_list":["post-250640","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-debian","tag-flaw","tag-linux","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/250640"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=250640"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/250640\/revisions"}],"predecessor-version":[{"id":250642,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/250640\/revisions\/250642"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/250641"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/w
p-json\/wp\/v2\/media?parent=250640"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=250640"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=250640"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}