Friday, November 8, 2024
Homecyber security7 Years Old Critical Linux Privilege Escalation Bug Let Hackers Gain Root...

7 Years Old Critical Linux Privilege Escalation Bug Let Hackers Gain Root Access

Published on

Malware protection

GitHub security researcher Kevin Backhouse has recently discovered a seven-year-old critical Linux privilege escalation bug in the polkit system service, which was previously called PoilcyKit, which could allow any hackers to bypass authorization to gain root access on the affected system.

If you don’t know the work of polkit, then let me justify it in short; it’s a toolkit, and if an application needs root privileges for a task, then polkit asks for the appropriate or relevant password.

The recently discovered bug has been tracked as, CVE-2021-3560 and it’s mainly found in polkit service that is actually associated with a typical Linux system and service manager component, “systemd.”

- Advertisement - SIEM as a Service

Seven-year-old Polkit Flaw

This vulnerability was integrated into Commit bfa5036b which was introduced seven years ago, and this bug explored several paths in various Linux distributions since it’s initially directed in polkit version 0.113.

  • CVE ID: CVE-2021-3560
  • CVSS v3 Base Score: 7.8
  • Attack Vector: Local
  • Privileges Required: Low
  • User Interaction: None
  • Integrity Impact: High

This bug requires only a few commands using the terminal tools like bash, kill, and dbus-send, in short, this bug is easy to exploit.

By starting a dbus-send command this bug could be triggered, but, when polkit is still in the midst of concocting the request, it kills it. When polkit asks for the UID of a connection that doesn’t exist, an error arises due to the execution of this during the midst of an authentication request.

Vulnerable Distributions

Here’s the list of all the distribution that are vulnerable to this bug:-

  • RHEL 8: Yes
  • Fedora 21 (or later): Yes
  • Debian testing (“bullseye”): Yes
  • Ubuntu 20.04: Yes

Exploitation

Kevin Backhouse notes that this bug is a possible privilege escalation that was very easy and quick to execute and with only a few commands it can be exploited.

Here, the query that had already ended incorrectly the polkit handles it. Instead of canceling the process, Polkit feigned that the request had come from a process with the UID 0.

This implies that here in this stage the Polkit simply assumes this process request arrived from a root process, and it immediately approves the request. Though this didn’t always work perfectly, but still it is frequently enough to keep the effort low.

Mitigation

According to the Red Hat report, currently, there are no such proper mitigations are available, if any available then they don’t need the criteria of Red Hat Product Security.

However, to remediate any possible risk that may emerge due to this bug, the experts have strongly recommended every user to immediately update their Linux installations as soon as possible.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

CISA Warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns organizations of a critical vulnerability...

Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information

A significant vulnerability (CVE-2024-20445) has been discovered in Cisco Desk Phone 9800 Series, IP...

Cisco Flaw Let Attackers Run Command as Root User

A critical vulnerability has been discovered in Cisco Unified Industrial Wireless Software, which affects...

Researchers Detailed Credential Abuse Cycle

The United States Department of Justice has unsealed an indictment against Anonymous Sudan, a...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Sophisticated Phishing Attack Targeting Ukraine Military Sectors

The Ukrainian Cyber Emergency Response Team discovered a targeted phishing campaign launched by UAC-0215...

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

Hardcoded Creds in Popular Apps Put Millions of Android and iOS Users at Risk

Recent analysis has revealed a concerning trend in mobile app security: Many popular apps...