
Recently, GitHub disclosed a Linux vulnerability that lets an unprivileged local user escalate to root, and the entire process requires only a few simple commands, as shown in the following video:

https://www.qq.com/video/o3253nwp4vk

The vulnerability is in polkit. Polkit is a system service installed by default in many Linux distributions and is used by systemd, so Linux distributions that use systemd also use polkit. Because of this, the vulnerability affects many Linux distributions.

Kevin Backhouse, a member of the GitHub Security Lab, was the first to discover this vulnerability, and it was disclosed after coordination with the polkit maintainers and the Red Hat security team. The patch was released on June 3. The vulnerability is tracked as CVE-2021-3560.

The bug appeared 7 years ago and only recently reached popular Linux distributions

Kevin Backhouse explained in his blog: This bug is actually quite old. It was introduced 7 years ago in commit bfa5036, and it first appeared in polkit 0.113. However, many of the most popular Linux distributions did not ship the polkit version with this vulnerability until recently...

The following table lists some of the affected Linux distributions. Red Hat Enterprise Linux (RHEL), Fedora, Debian, and Ubuntu are all affected.

polkit is a system service installed by default in multiple Linux distributions and is responsible for managing system permissions. When a user needs higher permissions, polkit decides whether to grant them. For some requests, polkit immediately decides to allow or deny, but sometimes it pops up a dialog box asking the administrator to enter a password for authorization.

However, the CVE-2021-3560 vulnerability breaks this mechanism: an unprivileged local attacker only needs to execute a few commands (such as bash, kill, and dbus-send) in a terminal to escalate to root.

The following figure shows the five main processes involved after executing the dbus-send command:

[Figure: the five main processes involved after executing the dbus-send command]

Kevin Backhouse said that the vulnerability is easy to exploit, so users need to update their Linux installations as soon as possible. Linux systems with polkit 0.113 (or higher) are at risk, including the popular Linux distributions RHEL 8 and Ubuntu 20.04.

Reference link: https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/#exploitation


小魔