Security News > 2021 > June > GitHub Discloses Details of Easy-to-Exploit Linux Vulnerability
GitHub this week disclosed the details of an easy-to-exploit Linux vulnerability that can be leveraged to escalate privileges to root on the targeted system.
The flaw, classified as high severity and tracked as CVE-2021-3560, impacts polkit, an authorization service that is present by default in many Linux distributions.
The security hole was discovered by Kevin Backhouse of the GitHub Security Lab.
The vulnerability has been confirmed to impact some versions of Red Hat Enterprise Linux, Fedora, Debian and Ubuntu.
The vulnerable component, polkit, is a system service designed for controlling system-wide privileges, providing a way for non-privileged processes to communicate with privileged processes.
The vulnerability discovered by the researcher is easy to exploit, requiring just a few commands in the terminal.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-16 | CVE-2021-3560 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products. It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. | 7.8 |