Information about the CVE-2021-4034 vulnerability in the Linux kernel

  • 26/01/2022 9:46 AM

Dear Customers,

First of all, vHost would like to thank you for trusting and using vHost's services.

According to newly received information, Unix-like operating systems such as CentOS, Ubuntu, Debian and Fedora are currently affected by a high-severity information security vulnerability. The vulnerability is exploited through Polkit, a component for privilege control on Unix-like operating systems. Through it, an attacker with a local user account can gain root privileges and execute system commands (similar to executing commands with sudo) by running the pkexec command followed by the command to execute.

For detailed information about the vulnerability, you can refer to the link below:

https://www.qualys.com/2022/01/25/cve-2021-4034/pwnkit.txt

You can remove the SUID-bit from pkexec as a temporary mitigation and wait for the patched updates, for example:

chmod 0755 /usr/bin/pkexec
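
To confirm that the temporary mitigation took effect, the SUID bit on pkexec can be checked before and after the chmod. The helper below is an added example, not part of vHost's announcement; the function names pkexec_suid_state and audit_pkexec are hypothetical, and /usr/bin/pkexec is the path used in the command above.

```sh
#!/bin/sh
# Added example (not from the original announcement): report whether a
# pkexec binary still carries the SUID bit that "chmod 0755" removes.

# pkexec_suid_state PATH
# Prints one of: missing | suid | no-suid
pkexec_suid_state() {
    if [ ! -e "$1" ]; then
        echo "missing"
    elif [ -u "$1" ]; then        # -u is true when the set-user-ID bit is set
        echo "suid"
    else
        echo "no-suid"
    fi
}

# audit_pkexec [PATH...]
# Prints one status line per path. Returns 1 if any path is still SUID,
# 0 otherwise, so it can gate a configuration-management or cron check.
audit_pkexec() {
    _rc=0
    # Default to the path used in the announcement when none is given.
    [ "$#" -gt 0 ] || set -- /usr/bin/pkexec
    for _p in "$@"; do
        _state=$(pkexec_suid_state "$_p")
        case "$_state" in
            suid)
                # Permission string shows an "s" in the owner execute slot.
                echo "$_p: SUID set, mitigation not applied ($(ls -ld -- "$_p" | cut -d' ' -f1))"
                _rc=1
                ;;
            no-suid)
                echo "$_p: SUID cleared ($(ls -ld -- "$_p" | cut -d' ' -f1))"
                ;;
            missing)
                echo "$_p: not installed"
                ;;
        esac
    done
    return "$_rc"
}
```

Source the file and run audit_pkexec before and after the chmod; a non-zero exit status means a listed binary is still SUID. A package update can restore the original mode, so the check is worth repeating after updates.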

vHost recommends that you apply this mitigation as soon as possible to prevent the vulnerability from being exploited.

In case you need more support, please contact vHost through the following channels:



Best Regards.

© vHost.vn