Kevin Backhouse discovered that polkit incorrectly handled errors in the
polkit_system_bus_name_get_creds_sync function. A local attacker could
possibly use this issue to escalate privileges.

References

ubuntu.com/security/CVE-2021-3560

ubuntu.com/security/notices/USN-4980-1

nessus 29

githubexploit 26

altlinux 1

openvas 16

cisa_kev 1

redhatcve 1

redhat 8

suse 2

cbl_mariner 1

slackware 1

debiancve 1

fedora 2

alpinelinux 1

zdt 2

freebsd 1

mageia 1

osv 2

archlinux 1

thn 3

veracode 1

rocky 1

redos 1

photon 8

attackerkb 1

packetstorm 2

gentoo 1

almalinux 1

f5 1

cve 1

ubuntu 1

ubuntucve 1

prion 1

oraclelinux 1

exploitdb 1

seebug 1

github 2

rapid7blog 1

trellix 2

oracle 1

nessus

RHEL 8 : polkit (RHSA-2021:2236)

2022-09-15 00:00:00

Photon OS 1.0: Polkit PHSA-2021-1.0-0397

2021-06-04 00:00:00

EulerOS 2.0 SP9 : polkit (EulerOS-SA-2021-2561)

2021-09-27 00:00:00

githubexploit

Exploit for Improper Check for Unusual or Exceptional Conditions in Polkit Project Polkit

2021-07-02 10:03:26

Exploit for Incorrect Authorization in Polkit Project Polkit

2022-01-31 09:02:23

Exploit for Improper Check for Unusual or Exceptional Conditions in Polkit Project Polkit

2021-06-14 03:45:38

altlinux

Security fix for the ALT Linux 9 package polkit version 0.116-alt2.M90P.2

2021-06-15 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2021:1843-1)

2021-06-09 00:00:00

Huawei EulerOS: Security Advisory for polkit (EulerOS-SA-2021-2537)

2021-09-28 00:00:00

SUSE: Security Advisory (SUSE-SU-2021:1844-1)

2021-06-09 00:00:00

cisa_kev

Red Hat Polkit Incorrect Authorization Vulnerability

2023-05-12 00:00:00

redhatcve

CVE-2021-3560

2021-06-03 07:20:59

redhat

(RHSA-2021:2236) Important: polkit security update

2021-06-03 07:54:08

(RHSA-2021:2238) Important: polkit security update

2021-06-03 07:54:47

(RHSA-2021:2237) Important: polkit security update

2021-06-03 07:54:25

suse

Security update for polkit (important)

2021-07-11 00:00:00

Security update for polkit (important)

2021-06-04 00:00:00

cbl_mariner

CVE-2021-3560 affecting package polkit 0.116-7

2022-02-01 04:53:56

slackware

[slackware-security] polkit

2021-06-07 19:07:33

debiancve

CVE-2021-3560

2022-02-16 19:15:00

fedora

[SECURITY] Fedora 33 Update: polkit-0.117-2.fc33.1

2021-06-19 01:14:12

[SECURITY] Fedora 34 Update: polkit-0.117-3.fc34.1

2021-06-07 01:16:40

alpinelinux

CVE-2021-3560

2022-02-16 19:15:00

zdt

Polkit D-Bus Authentication Bypass Exploit

2021-07-10 00:00:00

Polkit 0.105-26 0.117-2 - Local Privilege Escalation Exploit

2021-06-15 00:00:00

freebsd

polkit -- local privilege escalation using polkit_system_bus_name_get_creds_sync

2021-06-03 00:00:00

mageia

Updated polkit packages fix a security vulnerability

2021-06-09 00:45:12

osv

Important: polkit security update

2021-06-03 07:54:47

CVE-2021-3560

2022-02-16 19:15:08

archlinux

[ASA-202106-24] polkit: privilege escalation

2021-06-09 00:00:00

thn

7-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access

2021-06-11 07:47:00

12-Year-Old Polkit Flaw Lets Unprivileged Linux Users Gain Root Access

2022-01-26 05:39:00

Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions

2023-10-04 07:21:00

veracode

Denial Of Service (DoS)

2021-06-04 22:46:32

rocky

polkit security update

2021-06-03 07:54:47

redos

ROS-20211223-06

2021-12-23 00:00:00

photon

Important Photon OS Security Update - PHSA-2021-0037

2021-06-03 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0397

2021-06-03 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0350

2021-06-04 00:00:00

attackerkb

CVE-2021-3560

2022-02-16 00:00:00

packetstorm

Polkit 0.105-26 0.117-2 Privilege Escalation

2021-06-15 00:00:00

Polkit D-Bus Authentication Bypass

2021-07-09 00:00:00

gentoo

polkit: Privilege escalation

2021-07-13 00:00:00

almalinux

Important: polkit security update

2021-06-03 07:54:47

K41410307 : polkit vulnerability CVE-2021-3560

2021-07-14 00:00:00

cve

CVE-2021-3560

2022-02-16 19:15:00

ubuntu

polkit vulnerability

2021-06-03 00:00:00

ubuntucve

CVE-2021-3560

2021-06-03 00:00:00

prion

Design/Logic Flaw

2022-02-16 19:15:00

oraclelinux

polkit security update

2021-06-04 00:00:00

exploitdb

Polkit 0.105-26 0.117-2 - Local Privilege Escalation

2021-06-15 00:00:00

seebug

Linux Polkit权限提升漏洞（CVE-2021-3560）

2021-06-15 00:00:00

github

Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug

2021-06-10 16:00:52

The GitHub Security Lab’s journey to disclosing 500 CVEs in open source projects

2023-09-21 20:56:46

rapid7blog

Metasploit Wrap-Up

2021-07-16 19:47:06

trellix

The Bug Report - January 2022 Edition

2022-02-02 00:00:00

The Bug Report - January 2022 Edition

2022-02-02 00:00:00

oracle

Oracle Critical Patch Update Advisory - July 2021

2021-07-20 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.012 Low

EPSS

Percentile

84.8%

JSON

Related for OSV:USN-4980-1