Wednesday, February 5, 2025
Latest:
OPERATING SYSTEMSOS Linux

CVE-2021-3560: Linux local privilege escalation using authentication bypass vulnerability in polkit

i myself decievability walks through a vulnerability in polkit, a widely used system service, here in Ubuntu 20.04, but also used in other distributions such as Fedora and RHEL 8. Using a combination of dbus-send, sleep, and kill, i gets a root shell.

CVE-2021-3560= is an authentication bypass on polkit, which allows an unprivileged user to call privileged methods using DBus, the PoC exploits this bug to call 2 privileged methods provided by accountsservice (CreateUser and SetPassword), which allows us to create a priviliged user then setting a password to it.

source

ubuntu 20.04

You May Also Like

Fundamentals of Red Hat Enterprise Linux | Global Knowledge

Microsoft SQL Server on Red Hat Enterprise Linux

Gabriele Columbro | FINOS | OSSF Keynote: Closing & Community Awards

Leave a Reply

Your email address will not be published. Required fields are marked *