A flaw in Polkit that has been present on Linux systems for seven years allows unprivileged users to obtain root access.
Malicious local users can exploit the flaw in Polkit to bypass authorization and escalate from an unprivileged account to root access on the Linux system.
Polkit (formerly PolicyKit) is a toolkit for defining and handling authorizations in Linux distributions and is used to allow unprivileged processes to communicate with privileged processes.
The vulnerability is tracked as CVE-2021-3560 (CVSS rating: 7.8) and affects polkit versions between 0.113 and 0.118. It was discovered by security researcher Kevin Backhouse, who said the issue was introduced in code that was first released on November 9, 2013 (!!).
Red Hat's Cedric Buissart noted that Debian-based distributions ship polkit 0.105 and are also vulnerable.
RHEL 8, Fedora 21 (or later), Debian “Bullseye” and Ubuntu 20.04 are some of the most popular Linux distributions affected by the polkit vulnerability. The issue has been mitigated in version 0.119, which was released on June 3.
Backhouse said: “The vulnerability is surprisingly easy to exploit. All it takes is a few commands in the terminal using only standard tools such as bash, kill and dbus-send”.
“dbus-send” is a Linux inter-process communication (IPC) utility used to send a message over the D-Bus message bus, which allows communication between multiple processes running concurrently on the same computer. Killing the command partway through causes an authentication bypass because polkit mishandles the aborted message and treats the request as if it came from a root process (UID 0), thus allowing the request.
Linux users should update their operating system immediately to address the risk arising from the flaw.
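To check a host against the version ranges reported above, the following shell script classifies a polkit version string. It is an added example, not code from Backhouse or the polkit project; the function names are hypothetical, and it assumes `pkaction --version` prints `pkaction version X.Y`.

```shell
#!/bin/sh
# Added example (not from the article): classify a polkit version against the
# version ranges the article reports for CVE-2021-3560.

# Print the numeric release component of a polkit version ("0.117" -> 117).
# Newer upstream releases drop the "0." prefix ("121" -> 121).
polkit_release() {
    v=${1#0.}                 # drop a leading "0." if present
    v=${v%%[!0-9]*}           # drop packaging suffixes such as "-26ubuntu1"
    [ -n "$v" ] || return 1   # nothing numeric left: unparseable
    printf '%s\n' "$v"
}

classify_polkit() {
    rel=$(polkit_release "$1") || { echo unknown; return 0; }
    if [ "$rel" -ge 119 ]; then
        echo fixed                  # article: mitigated in 0.119
    elif [ "$rel" -ge 113 ]; then
        echo affected               # article: 0.113 through 0.118
    elif [ "$rel" -eq 105 ]; then
        echo check-distro-advisory  # article: Debian-based 0.105 builds are vulnerable
    else
        echo not-listed             # outside every range the article names
    fi
}

# Assumption: `pkaction --version` prints "pkaction version X.Y".
installed_polkit_version() {
    command -v pkaction >/dev/null 2>&1 || return 1
    pkaction --version 2>/dev/null | awk '{print $NF}'
}

if ver=$(installed_polkit_version); then
    echo "polkit $ver: $(classify_polkit "$ver")"
else
    echo "pkaction not found; polkit may not be installed"
fi
```

Distributions often backport fixes without changing the upstream version number, so an `affected` or `check-distro-advisory` result should be confirmed against the vendor's advisory for the installed package.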