A seven-year-old make-me-root flaw in the Linux service polkit has been fixed


In a blog post on Thursday, GitHub security researcher Kevin Backhouse recounted how he found the bug (CVE-2021-3560) in a service called polkit associated with systemd, a common Linux system and service manager component.

A seven-year-old privilege escalation vulnerability that’s been lurking in several Linux distributions was patched last week in a coordinated disclosure.

Introduced in commit bfa5036 seven years ago and initially shipped in polkit version 0.113, the bug traveled different paths in different Linux distributions. For example, it missed Debian 10 but it made it to the unstable version of Debian, upon which other distros like Ubuntu are based.

Formerly known as PolicyKit, polkit is a service that evaluates whether specific Linux activities require higher privileges than those currently available. It comes into play if, for example, you try to create a new user account.

Backhouse says the flaw is surprisingly easy to exploit, requiring only a few commands using standard terminal tools like bash, kill, and dbus-send.

“The vulnerability is triggered by starting a dbus-send command but killing it while polkit is still in the middle of processing the request,” explained Backhouse.

Killing dbus-send – an interprocess communication command – in the midst of an authentication request causes an error that arises from polkit asking for the UID of a connection that no longer exists (because the connection was killed).
