AttackerKB AKB:10791C9D-4C05-4C36-8F8D-BAA2EE6DC9B7
History: Feb 16, 2022 - 12:00 a.m.

CVE-2021-3560

attackerkb.com
CVSS3: 7.8 High

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.2 High

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.012 Low
Percentile: 83.5%

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Recent assessments:

jheysel-r7 at October 05, 2022 7:28pm UTC reported:

Polkit is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones. D-Bus is a message-oriented middleware mechanism that allows communication between multiple processes running concurrently on the same machine.

A vulnerability was found in Polkit that allows a local unprivileged attacker to obtain execution as the root user. The attacker needs to invoke a method over D-Bus and then kill the client process. Not always, but sometimes this will cause the operation to complete without requiring authentication.

This allows a local unprivileged attacker to attempt to create a new user with sudo access and a known password. When successful, the attacker can then execute a payload with root privileges.

This is bad. Polkit is installed by default across many Linux distributions, making this a fantastic attack vector. Very important to patch!

Assessed Attacker Value: 4
Assessed Attacker Value: 5
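
A defender-side check for the outcome described in the assessment above (a newly created account with sudo access), added here as an example and not part of the original assessment or of polkit: it compares admin-group membership in passwd/group data against a reviewed baseline. The group names `sudo` and `wheel`, the function names and the sample accounts are assumptions constructed for illustration.

```python
"""Flag local accounts with admin-group membership that are not in a reviewed baseline."""

ADMIN_GROUPS = {"sudo", "wheel"}  # assumption: Debian-style and RHEL-style admin groups

# Constructed sample data in /etc/passwd and /etc/group format (not from a real host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc-new:x:1001:1001::/home/svc-new:/bin/bash
ops2:x:1002:27::/home/ops2:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice,svc-new
alice:x:1000:
"""
BASELINE = {"alice"}  # accounts an administrator has reviewed and approved


def parse_colon_file(text, min_fields):
    """Yield field lists from passwd/group text, skipping blanks, comments and short lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= min_fields:
            yield fields


def admin_members(passwd_text, group_text, admin_groups=ADMIN_GROUPS):
    """Return {user: sorted admin groups}, covering supplementary and primary membership."""
    admin_gids = {}  # gid -> admin group name
    members = {}     # user -> set of admin group names
    for name, _pw, gid, user_list in (f[:4] for f in parse_colon_file(group_text, 4)):
        if name in admin_groups:
            admin_gids[gid] = name
            for user in filter(None, user_list.split(",")):
                members.setdefault(user.strip(), set()).add(name)
    # A user whose primary GID is an admin group is not listed in that group's member field.
    for fields in parse_colon_file(passwd_text, 7):
        user, gid = fields[0], fields[3]
        if gid in admin_gids:
            members.setdefault(user, set()).add(admin_gids[gid])
    return {user: sorted(groups) for user, groups in members.items()}


def unexpected_admins(passwd_text, group_text, baseline):
    """Return admin-group members that are absent from the baseline, sorted by name."""
    return sorted(u for u in admin_members(passwd_text, group_text) if u not in baseline)


if __name__ == "__main__":
    print(unexpected_admins(SAMPLE_PASSWD, SAMPLE_GROUP, BASELINE))
```

On a real host the two text arguments would be the contents of `/etc/passwd` and `/etc/group`, and the baseline would come from configuration management.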
