It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Mitigation

Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.

References

bugzilla.redhat.com/show_bug.cgi?id=1961710

github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/

nvd.nist.gov/vuln/detail/CVE-2021-3560

www.cve.org/CVERecord?id=CVE-2021-3560

almalinux 1

osv 3

packetstorm 2

f5 1

nessus 29

githubexploit 26

openvas 16

ubuntu 1

gentoo 1

cvelist 1

fedora 2

cve 1

altlinux 1

suse 2

cisa_kev 1

cbl_mariner 1

redhat 8

redos 1

photon 8

attackerkb 1

thn 3

veracode 1

rocky 1

archlinux 1

freebsd 1

debiancve 1

alpinelinux 1

mageia 1

zdt 2

slackware 1

prion 1

ubuntucve 1

oraclelinux 1

exploitdb 1

seebug 1

github 2

rapid7blog 1

trellix 2

oracle 1

almalinux

Important: polkit security update

2021-06-03 07:54:47

osv

CVE-2021-3560

2022-02-16 19:15:08

policykit-1 vulnerability

2021-06-03 10:51:20

Important: polkit security update

2021-06-03 07:54:47

packetstorm

Polkit D-Bus Authentication Bypass

2021-07-09 00:00:00

Polkit 0.105-26 0.117-2 Privilege Escalation

2021-06-15 00:00:00

K41410307 : polkit vulnerability CVE-2021-3560

2021-07-14 00:00:00

nessus

RHEL 8 : polkit (RHSA-2021:2237)

2021-06-03 00:00:00

Photon OS 3.0: Polkit PHSA-2021-3.0-0248

2021-06-04 00:00:00

EulerOS Virtualization 2.9.1 : polkit (EulerOS-SA-2021-2738)

2021-11-17 00:00:00

githubexploit

Exploit for Incorrect Authorization in Polkit Project Polkit

2021-06-29 20:47:16

Exploit for Improper Check for Unusual or Exceptional Conditions in Polkit Project Polkit

2021-07-28 06:05:46

Exploit for CVE-2021-3560

2021-07-26 07:08:36

openvas

Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2021-2561)

2021-09-28 00:00:00

Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2021-2311)

2021-08-09 00:00:00

Ubuntu: Security Advisory (USN-4980-1)

2021-06-04 00:00:00

ubuntu

polkit vulnerability

2021-06-03 00:00:00

gentoo

polkit: Privilege escalation

2021-07-13 00:00:00

cvelist

CVE-2021-3560

2022-02-16 00:00:00

fedora

[SECURITY] Fedora 34 Update: polkit-0.117-3.fc34.1

2021-06-07 01:16:40

[SECURITY] Fedora 33 Update: polkit-0.117-2.fc33.1

2021-06-19 01:14:12

cve

CVE-2021-3560

2022-02-16 19:15:00

altlinux

Security fix for the ALT Linux 9 package polkit version 0.116-alt2.M90P.2

2021-06-15 00:00:00

suse

Security update for polkit (important)

2021-07-11 00:00:00

Security update for polkit (important)

2021-06-04 00:00:00

cisa_kev

Red Hat Polkit Incorrect Authorization Vulnerability

2023-05-12 00:00:00

cbl_mariner

CVE-2021-3560 affecting package polkit 0.116-7

2022-02-01 04:53:56

redhat

(RHSA-2021:2236) Important: polkit security update

2021-06-03 07:54:08

(RHSA-2021:2238) Important: polkit security update

2021-06-03 07:54:47

(RHSA-2021:2237) Important: polkit security update

2021-06-03 07:54:25

redos

ROS-20211223-06

2021-12-23 00:00:00

photon

Important Photon OS Security Update - PHSA-2021-0037

2021-06-03 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0397

2021-06-03 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0350

2021-06-04 00:00:00

attackerkb

CVE-2021-3560

2022-02-16 00:00:00

thn

7-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access

2021-06-11 07:47:00

12-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access

2022-01-26 05:39:00

Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions

2023-10-04 07:21:00

veracode

Denial Of Service (DoS)

2021-06-04 22:46:32

rocky

polkit security update

2021-06-03 07:54:47

archlinux

[ASA-202106-24] polkit: privilege escalation

2021-06-09 00:00:00

freebsd

polkit -- local privilege escalation using polkit_system_bus_name_get_creds_sync

2021-06-03 00:00:00

debiancve

CVE-2021-3560

2022-02-16 19:15:00

alpinelinux

CVE-2021-3560

2022-02-16 19:15:00

mageia

Updated polkit packages fix a security vulnerability

2021-06-09 00:45:12

zdt

Polkit D-Bus Authentication Bypass Exploit

2021-07-10 00:00:00

Polkit 0.105-26 0.117-2 - Local Privilege Escalation Exploit

2021-06-15 00:00:00

slackware

[slackware-security] polkit

2021-06-07 19:07:33

prion

Design/Logic Flaw

2022-02-16 19:15:00

ubuntucve

CVE-2021-3560

2021-06-03 00:00:00

oraclelinux

polkit security update

2021-06-04 00:00:00

exploitdb

Polkit 0.105-26 0.117-2 - Local Privilege Escalation

2021-06-15 00:00:00

seebug

Linux Polkit权限提升漏洞（CVE-2021-3560）

2021-06-15 00:00:00

github

Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug

2021-06-10 16:00:52

The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects

2023-09-21 20:56:46

rapid7blog

Metasploit Wrap-Up

2021-07-16 19:47:06

trellix

The Bug Report - January 2022 Edition

2022-02-02 00:00:00

The Bug Report - January 2022 Edition

2022-02-02 00:00:00

oracle

Oracle Critical Patch Update Advisory - July 2021

2021-07-20 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

0.012 Low

EPSS

Percentile

84.9%

JSON

Related for RH:CVE-2021-3560