CVE-2021-3560 – Polkit – Local Privilege Escalation

by CIRT Team

05 Jul 2021

in CVE, Security Advisories & Alerts

No Comments

1569

Description:
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user.
This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data
confidentiality and integrity as well as system availability.

Impact:
The vulnerability enables an unprivileged local user to get a root shell on the system.

Mitigations:
Updates are available.Please see the references or vendor advisory for more information.

Reference URL’s:
https://access.redhat.com/security/cve/cve-2021-3560
https://access.redhat.com/errata/RHSA-2021:2238
https://ubuntu.com/security/CVE-2021-3560
https://security-tracker.debian.org/tracker/CVE-2021-3560
https://www.suse.com/security/cve/CVE-2021-3560/
https://security.archlinux.org/CVE-2021-3560
https://linux.oracle.com/cve/CVE-2021-3560.html

info@cirt.gov.bd

+88-02-550071 83-86

CVE-2021-3560 – Polkit – Local Privilege Escalation

by CIRT Team

05 Jul 2021

in CVE, Security Advisories & Alerts

No Comments

1569

CIRT Team

Recommended Posts

সাইবার নিরাপত্তা সংক্রান্ত সতর্কতা (২৩ নভেম্বর ২০২৩)

Cyber Threat Advisory: CISCO Zero-Day Vulnerabilities Exploitation in Bangladesh

Enhancing Situational Awareness on Emerging Cyber Threats

Subscribe here

Important links

MEMBER OF: