7-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access
A seven-year-old privilege escalation vulnerability discovered in the polkit system service could be exploited by a malicious unprivileged local attacker to bypass authorization and escalate permissions to the root user.
Tracked as CVE-2021-3560, the flaw affects polkit versions between 0.113 and 0.118 and was discovered by GitHub security researcher Kevin Backhouse, who said the issue was introduced in a code commit made on Nov. 9, 2013.
Polkit is a toolkit for defining and handling authorizations in Linux distributions, and is used for allowing unprivileged processes to communicate with privileged processes.
RHEL 8, Fedora 21, Debian "Bullseye," and Ubuntu 20.04 are some of the popular Linux distributions impacted by the polkit vulnerability.
"The vulnerability is surprisingly easy to exploit. All it takes is a few commands in the terminal using only standard tools like bash, kill, and dbus-send," said Backhouse in a write-up published yesterday, adding that the flaw is triggered by sending a dbus-send command but terminating the process while polkit is still in the middle of processing the request.
Killing the command causes an authentication bypass because polkit mishandles the terminated message and treats the request as though it came from a process with root privileges, thereby immediately authorizing the request.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/xdKTvjR3iVI/7-year-old-polkit-flaw-lets.html
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-16 | CVE-2021-3560 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products. It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. | 7.8 |