GitHub Discloses Details of Easy-to-Exploit Linux Vulnerability
GitHub this week disclosed the details of an easy-to-exploit Linux vulnerability that can be leveraged to escalate privileges to root on the targeted system.
The flaw, classified as high severity and tracked as CVE-2021-3560, impacts polkit, an authorization service that is present by default in many Linux distributions.
The security hole was discovered by Kevin Backhouse of the GitHub Security Lab.
The vulnerability has been confirmed to impact some versions of Red Hat Enterprise Linux, Fedora, Debian and Ubuntu.
The vulnerable component, polkit, is a system service designed for controlling system-wide privileges, providing a way for non-privileged processes to communicate with privileged processes.
The vulnerability discovered by the researcher is easy to exploit, requiring just a few commands in the terminal.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-16 | CVE-2021-3560 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products. It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. | 7.8 |