Security News > 2021 > June > GitHub Discloses Details of Easy-to-Exploit Linux Vulnerability
GitHub this week disclosed the details of an easy-to-exploit Linux vulnerability that can be leveraged to escalate privileges to root on the targeted system.
The flaw, classified as high severity and tracked as CVE-2021-3560, impacts polkit, an authorization service that is present by default in many Linux distributions.
The security hole was discovered by Kevin Backhouse of the GitHub Security Lab.
The vulnerability has been confirmed to impact some versions of Red Hat Enterprise Linux, Fedora, Debian and Ubuntu.
The vulnerable component, polkit, is a system service designed for controlling system-wide privileges, providing a way for non-privileged processes to communicate with privileged processes.
The vulnerability discovered by the researcher is easy to exploit, with just a few commands in the terminal.
News URL
Related news
- Researchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit Vulnerability (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Targets Over 6,000 Devices (source)
- BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-16 | CVE-2021-3560 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. | 7.8 |