CVE-2021-3560 – Polkit – Local Privilege Escalation

by CIRT Team

Description:
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user.
This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data
confidentiality and integrity as well as system availability.

Impact:
The vulnerability enables an unprivileged local user to get a root shell on the system.

Mitigations:
Updates are available.Please see the references or vendor advisory for more information.

Reference URL’s:
https://access.redhat.com/security/cve/cve-2021-3560
https://access.redhat.com/errata/RHSA-2021:2238
https://ubuntu.com/security/CVE-2021-3560
https://security-tracker.debian.org/tracker/CVE-2021-3560
https://www.suse.com/security/cve/CVE-2021-3560/
https://security.archlinux.org/CVE-2021-3560
https://linux.oracle.com/cve/CVE-2021-3560.html

CIRT Team

Recommended Posts

Cyber Threat Alert: Surge in Attacks via Compromised Third-Party Service Providers

08 Feb 2024 - Articles, English articles, Security Advisories & Alerts

বাংলাদেশের আইটি কাঠামোয় তথ্য চুরির ম্যালওয়ারের বিস্তার সম্পর্কে সতর্কতা

18 Jan 2024 - Articles, Bangla Articles, News, Security Advisories & Alerts

সাইবার থ্রেট এলার্টঃ বাংলাদেশকে লক্ষ্য করে চলমান ফিশিং ক্যাম্পেইন

04 Jan 2024 - News, Security Advisories & Alerts