Linux Polkit has been granting root access to unauthorized users for 7 years

A flaw in Polkit that has been present on Linux systems for seven years allows unprivileged users to gain root access.


Malicious local users can exploit a flaw in Polkit to bypass authorization and gain root access to a Linux system from an unprivileged account.

Polkit (formerly PolicyKit) is a toolkit for defining and handling authorizations on Linux, and is used to allow non-privileged processes to communicate with privileged processes.

The vulnerability is tracked as CVE-2021-3560 (CVSS score: 7.8) and affects polkit versions between 0.113 and 0.118. It was discovered by the researcher Kevin Backhouse, who said the issue appeared in code that was first released on November 9, 2013 (!!).

Red Hat's Cedric Buissart noted that Debian-based distributions contain polkit 0.105 and are therefore vulnerable.

RHEL 8, Fedora 21 (or later), Debian “” and Ubuntu 20.04 are some of the most popular Linux distributions affected by the polkit vulnerability. The issue has been mitigated in version 0.119, which was released on June 3.

Backhouse said: "The vulnerability is surprisingly easy to exploit. All you need is a few commands in the terminal using only standard tools like bash, kill and dbus-send."

dbus-send is a command-line tool for D-Bus, a Linux inter-process communication (IPC) mechanism, and is used to send a message over the D-Bus message bus, allowing communication between multiple processes running concurrently on the same machine. If someone kills the command, it causes a bypass, because polkit handles the abruptly terminated message by treating the request as if it came from a root-privileged process (UID 0), thus allowing the request.

Linux users should update their operating system immediately to rectify the potential risk arising from the defect.
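To check a host against the version ranges given above, this added example (not code from the article or from the polkit project) classifies the version reported by `pkaction --version`. The function names and result labels are made up for the example, and because distributions backport fixes without changing the upstream version, the result should be confirmed against the vendor's advisory for CVE-2021-3560.

```bash
#!/usr/bin/env bash
# Added example: classify a polkit version against the ranges stated in the article.
# Result labels (affected-range, fixed, vendor-check, not-listed, unparsed) are
# illustrative names chosen for this example.

classify_polkit() {
    local ver="$1" minor
    case "$ver" in
        0.[0-9]*)
            minor="${ver#0.}"            # drop the leading "0."
            minor="${minor%%[!0-9]*}"    # drop any packaging suffix after the number
            ;;
        [1-9][0-9][0-9]*)
            # Upstream releases after 0.120 are numbered 121, 122, ... (no "0." prefix).
            echo "fixed"; return 0
            ;;
        *)
            echo "unparsed"; return 1
            ;;
    esac

    if [ "$minor" -ge 113 ] && [ "$minor" -le 118 ]; then
        echo "affected-range"    # 0.113 to 0.118 per the article
    elif [ "$minor" -ge 119 ]; then
        echo "fixed"             # 0.119 carries the fix per the article
    elif [ "$minor" -eq 105 ]; then
        echo "vendor-check"      # article: Debian-based 0.105 builds are vulnerable
    else
        echo "not-listed"        # version not mentioned in the article
    fi
}

# Read the installed version from "pkaction version X" if the tool is present.
installed_polkit_version() {
    command -v pkaction >/dev/null 2>&1 || return 1
    pkaction --version 2>/dev/null | awk '{print $NF}'
}

if ver="$(installed_polkit_version)"; then
    echo "polkit $ver: $(classify_polkit "$ver")"
else
    echo "pkaction not found; query the package manager for the polkit version"
fi
```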


Written by Dimitris
