The function polkit_system_bus_name_get_creds_sync() was called without checking for error, and as such temporarily treats the authentication request as coming from root.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All polkit users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=sys-auth/polkit-0.119"

OSVersionArchitecturePackageVersionFilename
Gentooanyallsys-auth/polkit< 0.119UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	sys-auth/polkit	< 0.119	UNKNOWN

suse 2

nessus 29

photon 8

attackerkb 1

thn 3

githubexploit 26

veracode 1

redos 1

openvas 16

redhat 8

rocky 1

packetstorm 2

archlinux 1

altlinux 1

redhatcve 1

cisa_kev 1

cbl_mariner 1

almalinux 1

f5 1

osv 3

fedora 2

ubuntu 1

cve 1

prion 1

oraclelinux 1

ubuntucve 1

zdt 2

debiancve 1

slackware 1

mageia 1

alpinelinux 1

freebsd 1

exploitdb 1

seebug 1

github 2

rapid7blog 1

trellix 2

oracle 1

suse

Security update for polkit (important)

2021-06-04 00:00:00

Security update for polkit (important)

2021-07-11 00:00:00

nessus

SUSE SLES12 Security Update : polkit (SUSE-SU-2021:1842-1)

2021-06-04 00:00:00

SUSE SLED15 / SLES15 Security Update : polkit (SUSE-SU-2021:1843-1)

2021-06-04 00:00:00

EulerOS Virtualization 3.0.6.0 : polkit (EulerOS-SA-2022-1090)

2022-02-13 00:00:00

photon

Important Photon OS Security Update - PHSA-2021-0037

2021-06-03 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0397

2021-06-03 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0350

2021-06-04 00:00:00

attackerkb

CVE-2021-3560

2022-02-16 00:00:00

thn

7-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access

2021-06-11 07:47:00

12-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access

2022-01-26 05:39:00

Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions

2023-10-04 07:21:00

githubexploit

Exploit for Improper Check for Unusual or Exceptional Conditions in Polkit Project Polkit

2021-06-11 12:33:56

Exploit for Improper Check for Unusual or Exceptional Conditions in Polkit Project Polkit

2021-07-30 11:41:34

Exploit for Improper Check for Unusual or Exceptional Conditions in Polkit Project Polkit

2021-06-14 03:45:38

veracode

Denial Of Service (DoS)

2021-06-04 22:46:32

redos

ROS-20211223-06

2021-12-23 00:00:00

openvas

openSUSE: Security Advisory for polkit (openSUSE-SU-2021:0838-1)

2021-06-05 00:00:00

openSUSE: Security Advisory for polkit (openSUSE-SU-2021:1843-1)

2021-07-13 00:00:00

Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2022-1090)

2022-02-13 00:00:00

redhat

(RHSA-2021:2238) Important: polkit security update

2021-06-03 07:54:47

(RHSA-2021:2236) Important: polkit security update

2021-06-03 07:54:08

(RHSA-2021:2237) Important: polkit security update

2021-06-03 07:54:25

rocky

polkit security update

2021-06-03 07:54:47

packetstorm

Polkit 0.105-26 0.117-2 Privilege Escalation

2021-06-15 00:00:00

Polkit D-Bus Authentication Bypass

2021-07-09 00:00:00

archlinux

[ASA-202106-24] polkit: privilege escalation

2021-06-09 00:00:00

altlinux

Security fix for the ALT Linux 9 package polkit version 0.116-alt2.M90P.2

2021-06-15 00:00:00

redhatcve

CVE-2021-3560

2021-06-03 07:20:59

cisa_kev

Red Hat Polkit Incorrect Authorization Vulnerability

2023-05-12 00:00:00

cbl_mariner

CVE-2021-3560 affecting package polkit 0.116-7

2022-02-01 04:53:56

almalinux

Important: polkit security update

2021-06-03 07:54:47

K41410307 : polkit vulnerability CVE-2021-3560

2021-07-14 00:00:00

osv

policykit-1 vulnerability

2021-06-03 10:51:20

CVE-2021-3560

2022-02-16 19:15:08

Important: polkit security update

2021-06-03 07:54:47

fedora

[SECURITY] Fedora 34 Update: polkit-0.117-3.fc34.1

2021-06-07 01:16:40

[SECURITY] Fedora 33 Update: polkit-0.117-2.fc33.1

2021-06-19 01:14:12

ubuntu

polkit vulnerability

2021-06-03 00:00:00

cve

CVE-2021-3560

2022-02-16 19:15:00

prion

Design/Logic Flaw

2022-02-16 19:15:00

oraclelinux

polkit security update

2021-06-04 00:00:00

ubuntucve

CVE-2021-3560

2021-06-03 00:00:00

zdt

Polkit 0.105-26 0.117-2 - Local Privilege Escalation Exploit

2021-06-15 00:00:00

Polkit D-Bus Authentication Bypass Exploit

2021-07-10 00:00:00

debiancve

CVE-2021-3560

2022-02-16 19:15:00

slackware

[slackware-security] polkit

2021-06-07 19:07:33

mageia

Updated polkit packages fix a security vulnerability

2021-06-09 00:45:12

alpinelinux

CVE-2021-3560

2022-02-16 19:15:00

freebsd

polkit -- local privilege escalation using polkit_system_bus_name_get_creds_sync

2021-06-03 00:00:00

exploitdb

Polkit 0.105-26 0.117-2 - Local Privilege Escalation

2021-06-15 00:00:00

seebug

Linux Polkit权限提升漏洞（CVE-2021-3560）

2021-06-15 00:00:00

github

Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug

2021-06-10 16:00:52

The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects

2023-09-21 20:56:46

rapid7blog

Metasploit Wrap-Up

2021-07-16 19:47:06

trellix

The Bug Report - January 2022 Edition

2022-02-02 00:00:00

The Bug Report - January 2022 Edition

2022-02-02 00:00:00

oracle

Oracle Critical Patch Update Advisory - July 2021

2021-07-20 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

84.9%

JSON

Related for GLSA-202107-31