CVE-2021-3560 – Polkit – Local Privilege Escalation
by CIRT Team
Description:
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Impact:
The vulnerability enables an unprivileged local user to get a root shell on the system.
Mitigations:
Updates are available. Please see the references or vendor advisory for more information.
Reference URLs:
https://access.redhat.com/security/cve/cve-2021-3560
https://access.redhat.com/errata/RHSA-2021:2238
https://ubuntu.com/security/CVE-2021-3560
https://security-tracker.debian.org/tracker/CVE-2021-3560
https://www.suse.com/security/cve/CVE-2021-3560/
https://security.archlinux.org/CVE-2021-3560
https://linux.oracle.com/cve/CVE-2021-3560.html