Privilege Escalation Vulnerability of a Seven-Year-Old

Exploiting this takes only a few terminal commands, which create a user that is a member of the sudo group. Because it is easy to carry out and the “highest threat from this vulnerability is to data confidentiality and integrity as well as system availability,” Red Hat has rated the CVE at 7.8 on the 10-point scale. You can see what exploiting this would look like in the proof-of-concept video above, created by Kevin Backhouse on GitHub’s YouTube channel.

A seven-year-old local privilege escalation bug has resurfaced and finally received a fix. Before it was patched, exploiting the vulnerability in the polkit authentication service could have allowed attackers to get a root shell on several actively used Linux distros. On Linux, polkit is effectively a bouncer of sorts that decides whether a user is allowed to do something that requires higher privileges. Discovered by security researcher Kevin Backhouse, the polkit bug that lets users bypass this check was introduced in a commit that shipped with service version .0113 over seven years ago.

Thankfully, many of the most popular Linux distributions did not begin to ship with the vulnerability until more recently. The list of vulnerable Linux distributions includes RHEL 8, Fedora 21 or later, and Ubuntu 20.04. If you run one of them, update your system as soon as possible to mitigate this now-pressing security flaw.
