[CVE-2021-3560] Red Hat Polkit Incorrect Authorization Vulnerability

NVD 상세 정보

설명: It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CWE: CWE-863 | CWE-754

참조

• http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html [Third Party Advisory, VDB Entry]
• http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html [Third Party Advisory, VDB Entry]
• https://bugzilla.redhat.com/show_bug.cgi?id=1961710 [Issue Tracking, Patch, Vendor Advisory]
• https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/ [Exploit, Third Party Advisory]
• http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html [Third Party Advisory, VDB Entry]
• http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html [Third Party Advisory, VDB Entry]
• https://bugzilla.redhat.com/show_bug.cgi?id=1961710 [Issue Tracking, Patch, Vendor Advisory]
• https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/ [Exploit, Third Party Advisory]
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3560 [US Government Resource]