Unprivileged users get root access due to an old Linux issue

A security researcher has discovered a seven-year-old vulnerability in several Linux distributions, which unprivileged local users could use to bypass authorisation and gain root access.

The bug, which was patched last week, exists in Polkit System Service, a toolkit used to evaluate whether specific Linux activities require higher privileges than those currently available. Polkit is installed by default on several Linux distributions, and allows unprivileged processes to speak to privileged processes.

Because the Polkit service is associated with systemd, any Linux distribution that uses systemd also uses Polkit.

The vulnerability is tracked as CVE-2021-3560, and carries a CVSS score of 7.8. It was uncovered by GitHub security researcher Kevin Backhouse, who noted that the issue was introduced in code commit bfa5036 – way back in 2013.

It initially shipped in Polkit version 0.113, but has travelled to different Linux distributions in the past seven years.

‘When a requesting process disconnects from dbus-daemon just before the call to polkit_system_bus_name_get_creds_sync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileges of the requesting process,’ Red Hat said in an advisory.

‘The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.’

In a blog post, Backhouse said exploiting the vulnerability is very easy, requiring only a few commands using standard terminal tools like bash, kill and dbus-send.

The flaw impacts Polkit versions between 0.113 and 0.118. Cedric Buissart of Red Hat said it also impacts Debian-based distributions, based on Polkit 0.105. Debian “Bullseye,” Fedora 21 (or later), Ubuntu 20.04 and RHEL 8 are among the popular Linux distributions affected.

Polkit v.0.119, released on 3rd June, addresses the issue. Users are advised to update their Linux installations as soon as possible to prevent threat actors from exploiting the bug.
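To triage a host against the version ranges quoted above, the following added example (not from the article or the Polkit project) classifies the version reported by `pkaction --version`. The function names and result labels are hypothetical, and the sample suffix in the comments is constructed.

```shell
#!/bin/sh
# Added example: triage a polkit version string against the ranges the
# article quotes for CVE-2021-3560 (0.113-0.118 affected, 0.105 on
# Debian-based systems affected, 0.119 fixed).

# Extract the version from `pkaction --version` output,
# e.g. "pkaction version 0.105" -> "0.105".
polkit_version_from_pkaction() {
    printf '%s\n' "$1" | sed -n 's/^pkaction version \([0-9][0-9.]*\).*/\1/p'
}

# Print one of:
#   affected | affected-if-debian-based | fixed | not-listed | unparseable
classify_polkit_version() {
    n=${1#0.}          # "0.117" -> "117"; a bare "121"-style number is kept
    n=${n%%[!0-9]*}    # drop a packaging suffix (constructed: "-26ubuntu1")
    [ -n "$n" ] || { echo unparseable; return 0; }
    if [ "$n" -ge 119 ]; then
        echo fixed
    elif [ "$n" -ge 113 ]; then
        echo affected
    elif [ "$n" -eq 105 ]; then
        echo affected-if-debian-based
    else
        echo not-listed
    fi
}

# Report on the local system when pkaction is installed.
if command -v pkaction >/dev/null 2>&1; then
    v=$(polkit_version_from_pkaction "$(pkaction --version 2>/dev/null)")
    echo "polkit ${v:-unknown}: $(classify_polkit_version "$v")"
fi
```

Distributions often ship security fixes as backported patches without changing the upstream version number, so an `affected` result should be confirmed against the vendor's advisory for CVE-2021-3560 and the installed package release.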
