CVE-2021-3560 – Polkit – Local Privilege Escalation

Description:
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user.
This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data
confidentiality and integrity as well as system availability.

Impact:
The vulnerability enables an unprivileged local user to get a root shell on the system.

Mitigations:
Updates are available.Please see the references or vendor advisory for more information.

Reference URL’s:
https://access.redhat.com/security/cve/cve-2021-3560
https://access.redhat.com/errata/RHSA-2021:2238
https://ubuntu.com/security/CVE-2021-3560
https://security-tracker.debian.org/tracker/CVE-2021-3560
https://www.suse.com/security/cve/CVE-2021-3560/
https://security.archlinux.org/CVE-2021-3560
https://linux.oracle.com/cve/CVE-2021-3560.html

Recommended Posts

Press release April 2023: Situational Security Alerts from CIRT

21 Apr 2023 - Articles, English articles, News, Notice, Security Advisories & Alerts

Security Best Practices

29 Mar 2023 - Security Advisories & Alerts

Dropbox discloses breach after hacker stole 130 GitHub repositories

02 Nov 2022 - Security Advisories & Alerts