Search This Blog

Showing posts with label GitHub Security Lab. Show all posts

GitHub Releases Key Findings of an Easy-to-Exploit Linux flaw

 

Kevin Backhouse, a researcher at GitHub Security Lab revealed the details of an easy-to-exploit Linux flaw that can be exploited to escalate privileges to root on the targeted system. The vulnerability, classified as highly critical and termed as CVE-2021-3560, affects polkit, a system service installed by default on many Linux distributions.

On Thursday, Kevin published a blog post explaining his findings, as well as a short video detailing the exploit in polkit. A local, unprivileged attacker can use the flaw to escalate privileges to root with only a few commands executed in the terminal. 

Security researchers have admitted the vulnerability termed CVE-2021-3560 impacts some versions of Red Hat Enterprise Linux, Fedora, Debian, and Ubuntu. On June 3, a patch for CVE-2021-3560 was released. 

“The bug I found was quite old. It was introduced seven years ago in commit bfa5036 and first shipped with polkit version 0.113. However, many of the most popular Linux distributions didn’t ship the vulnerable version until more recently,” Backhouse stated.

“The bug has a slightly different history on Debian and its derivatives (such as Ubuntu) because Debian uses a fork of polkit with a different version numbering scheme. In the Debian fork, the bug was introduced in commit f81d021 and first shipped with version 0.105-26. The most recent stable release of Debian, Debian 10 (“buster”), uses version 0.105-25, which means that it isn’t vulnerable, ”Backhouse further added. 

Polkit is a system service developed for controlling system-wide privileges, creating a way for non-privileged processes to communicate with privileged processes. Backhouse described it as a service that plays the role of a judge, determining whether an action initiated by a user — specifically one that requires higher privileges — can be carried out directly or requires additional authorization, such as entering a password.

The vulnerability identified by the researcher is easy to manipulate, with just a few commands in the terminal. However, due to some timing requirements, it normally takes a few attempts for the exploit to be successful.

CVE-2021-3560 allows an unprivileged local hacker to gain root privileges. It’s very simple and quick to exploit, so users must update their installations as quickly as possible. Any system that has polkit version 0.113 (or later) installed is vulnerable. That includes popular distributions such as RHEL 8 and Ubuntu 20.04.