Linux Privilege Escalation Vulnerability (CVE-2021-3560): Linux authorization service polkit has an authentication bypass vulnerability, allowing privilege escalation to root via timing attacks on the terminal.
polkit is an authorization service that allows unprivileged processes to communicate with privileged processes. When a low-privileged user or process (subject) wants to access resources (object) that require higher privileges, the polkit authorization service either makes an allow or deny decision behind the scenes, or prompts a dialog box to receive further authorization before granting the needed privileges.
Announced by Kevin Backhouse from the GitHub Security Lab, an authentication bypass vulnerability exists in polkit version 0.113 that allows a local, unprivileged attacker to gain root privileges by executing timing attacks on the terminal. The flaw in the polkit service stems from the mishandling of interrupted authorization requests from lower-privileged processes. More precisely, if an authorization request is interrupted before the polkit service properly captures the UID (User Identifier) of the requesting process, the polkit service treats the request as if it came from a process with UID 0 (Root: User Identifier 0) rather than rejecting it.
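The fail-open handling described above, as an added example that is not polkit's code: a constructed C model in which a failed caller lookup leaves the UID at 0, shown beside the fail-closed form that rejects the request. All names here (bus, lookup_uid, authorize_fail_open, authorize_fail_closed, bus_connect, bus_drop) are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model: a tiny "bus" mapping connection ids to caller UIDs. */
#define MAX_CONN 4
struct conn { bool alive; unsigned uid; };
static struct conn bus[MAX_CONN];

void bus_connect(int id, unsigned uid) { bus[id].alive = true; bus[id].uid = uid; }
void bus_drop(int id) { bus[id].alive = false; }   /* request interrupted */

/* Look up the UID behind a connection. Returns false when the connection
 * has gone away; *uid is left untouched in that case. */
static bool lookup_uid(int id, unsigned *uid) {
    if (id < 0 || id >= MAX_CONN || !bus[id].alive)
        return false;
    *uid = bus[id].uid;
    return true;
}

/* Model policy for a privileged action: only UID 0 is allowed unprompted. */
static bool policy_allows(unsigned uid) { return uid == 0; }

/* Fail-open: the lookup result is ignored, so a failed lookup leaves uid
 * at its initial value 0 and the caller is treated as root. */
bool authorize_fail_open(int id) {
    unsigned uid = 0;
    (void)lookup_uid(id, &uid);    /* error return dropped */
    return policy_allows(uid);
}

/* Fail-closed: a caller whose identity cannot be established is rejected. */
bool authorize_fail_closed(int id) {
    unsigned uid;
    if (!lookup_uid(id, &uid))
        return false;
    return policy_allows(uid);
}

int main(void) {
    bus_connect(1, 1000);          /* unprivileged caller, still connected */
    printf("connected:   fail_open=%d fail_closed=%d\n",
           authorize_fail_open(1), authorize_fail_closed(1));
    bus_drop(1);                   /* caller vanishes before the lookup */
    printf("interrupted: fail_open=%d fail_closed=%d\n",
           authorize_fail_open(1), authorize_fail_closed(1));
    return 0;
}
```
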
To learn more about the vulnerability and its exploitation steps, you can either refer to the blog post (Privilege escalation with polkit) or check the video shared by the security researcher.
The vulnerability has existed for almost 7 years, since it was introduced via an update in November 2013. Though not all Linux distributions are affected by the vulnerability, many popular distributions that use polkit version 0.113 need to be patched immediately. The patch for the vulnerability (CVE-2021-3560) was released on June 3.
The affected Linux distributions include Red Hat Enterprise Linux 8, Fedora 21 or later, Debian (bullseye), and Ubuntu 20.04.
An unprivileged user can obtain a root shell by exploiting the disclosed Linux privilege escalation vulnerability (CVE-2021-3560).
Category: Elevation of Privilege (Root User)
CVSS 3.1 Base Score: N/A Critical
CVSS 3.1 Vector: N/A
To defend against possible attacks exploiting the Linux privilege escalation vulnerability (CVE-2021-3560), polkit authorization service version 0.113 needs to be updated with the patch that was released on June 3, 2021.
"All operating systems suck, but Linux just sucks less." - Linus Torvalds
References to Other Linux Vulnerabilities
- Linux Sudo Vulnerability (CVE-2021-3156)
- Linux Sudo Vulnerability (CVE-2019-14287)
- Linux Sudo Vulnerability (CVE-2019-18634)