Vulnerability in Linux distributions allows threat actors to escalate privileges

Cybersecurity specialists report the detection of an authentication bypass flaw in polkit, the authorization service included by default in most modern Linux distributions. Tracked as CVE-2021-3560, the flaw was publicly disclosed and updated on June 3.

According to Kevin Backhouse, a GitHub Security researcher who published the report, the flaw has existed since the release of polkit v0.113.

While many recent Linux distributions did not ship with the vulnerable version of polkit, the report notes that any distribution with polkit v0.113 or higher could be exposed to a security incident. Affected distributions include RHEL 8, Fedora 21, Ubuntu 20.04 and some unstable versions such as Debian Testing.

Exploitation of this flaw is relatively trivial, as only a few terminal commands are required, using conventional tools such as bash, kill and dbus-send. Backhouse included in his report an explanation of the attack: “When a request process disconnects from the dbus-daemon just before the call to polkit_system_bus_name_get_creds_sync begins, the process cannot obtain a unique uid and pid from the process and cannot verify the privileges of the request process,” the report states.

The main risk arising from exploitation of this flaw is the extraction of confidential data, which would put the integrity of the target system at risk.

Due to the triviality of the exploitation, users of affected deployments are encouraged to update as soon as possible. The report also includes technical details about the polkit architecture and the process of exploiting the vulnerability.

In a separate report, researchers at security firm Grimm reported the discovery of security vulnerabilities in the Linux kernel's iSCSI subsystem, present in all distributions of the operating system. While the vulnerable kernel module is not loaded by default, a threat actor could load and exploit the faulty module; the vulnerabilities would also allow malicious hackers to perform privilege escalation on updated Linux systems.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.