The bug, which was patched last week, exists in Polkit System Service, a toolkit used to evaluate whether specific Linux activities require higher privileges than those currently available. Polkit is installed by default on several Linux distributions, and allows unprivileged processes to speak to privileged processes.
A security researcher has discovered a seven-year-old vulnerability in several Linux distributions, which unprivileged local users could use to bypass authorisation and gain root access.
Because the Polkit service is associated with systemd, any Linux distribution that uses systemd also uses Polkit.
The vulnerability is tracked as CVE-2021-3560, and carries a CVSS score of 7.8. It was uncovered by GitHub security researcher Kevin Backhouse, who noted that the issue was introduced in code commit bfa5036 – way back in 2013.
It initially shipped in Polkit version 0.113, but has travelled to different Linux distributions in the past seven years.
‘When a requesting process disconnects from dbus-daemon just before the call to polkit_system_bus_name_get_creds_sync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileges of the requesting process,’ Red Hat said in an advisory.
‘The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.’
In a blog post, Backhouse said exploiting the vulnerability is very easy, requiring only a few commands using standard terminal tools like bash, kill and dbus-send.
The flaw impacts Polkit versions between 0.113 and 0.118. Cedric Buissart of Red Hat said it also impacts Debian-based distributions, based on Polkit 0.105. Debian “Bullseye,” Fedora 21 (or later), Ubuntu 20.04 and RHEL 8 among the popular Linux distributions affected.
Polkit v.0.119, released on 3rd June, addresses the issue. Users are advised to update their Linux installations as soon as possible to prevent threat actors from exploiting the bug.
The News Highlights
- Unprivileged users get root access due to an old Linux issue
- Check the latest update on Security news
For Latest News Follow us on Google News
- Show all
- Trending News
- Popular By week