GitHub Discloses Details of Easy-to-Exploit Linux Vulnerability
2021-06-11 13:09

GitHub this week disclosed the details of an easy-to-exploit Linux vulnerability that can be leveraged to escalate privileges to root on the targeted system.

The flaw, classified as high severity and tracked as CVE-2021-3560, impacts polkit, an authorization service that is present by default in many Linux distributions.

The security hole was discovered by Kevin Backhouse of the GitHub Security Lab.

The vulnerability has been confirmed to impact some versions of Red Hat Enterprise Linux, Fedora, Debian and Ubuntu.

The vulnerable component, polkit, is a system service designed for controlling system-wide privileges, providing a way for non-privileged processes to communicate with privileged processes.

The vulnerability discovered by the researcher is easy to exploit, requiring just a few commands in the terminal.


News URL

http://feedproxy.google.com/~r/securityweek/~3/ixenj8Lk5tU/github-discloses-details-easy-exploit-linux-vulnerability

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2022-02-16 | CVE-2021-3560 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products. It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. | 7.8 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2602 1595 67 4328
Github 12 2 45 29 19 95