GitHub has reported an easy-to-exploit security flaw in Polkit on Linux that can potentially be exploited to escalate privileges to root on the targeted system.
Easy to exploit Linux security flaw:
For those unfamiliar with it, Polkit is a component for controlling system-wide privileges. It provides an organized way for non-privileged processes to communicate with privileged ones, and it gives a level of control over centralized system policy.
The authorization service is present by default on many Linux systems. The security experts who found the vulnerability describe Polkit as a service that plays the role of a judge: it determines whether an action initiated by a user, specifically one that requires higher privileges, can be carried out directly or requires additional authorization, such as entering a password.
Exploit for privilege escalation:
The flaw was discovered by security expert Kevin Backhouse, who is part of the GitHub Security Lab. The details of his findings were posted alongside an explanatory video that goes further into his research on the Linux security flaw.
An unprivileged threat actor can potentially exploit the Linux vulnerability to escalate privileges to root by executing only a limited number of commands in the terminal.
The vulnerability has also been found to affect certain versions of Red Hat Enterprise Linux, Fedora, Debian, and Ubuntu.
“The bug I found was quite old,” notes Kevin Backhouse. “It was introduced seven years ago in commit bfa5036 and first shipped with polkit version 0.113. However, many of the most popular Linux distributions didn’t ship the vulnerable version until more recently.”
Security experts consider it concerning that the vulnerability is easy to exploit. With only a few commands in the terminal, an experienced attacker may be able to exploit it.
It is important to note that even though the vulnerability is easy to exploit, due to certain timing requirements, it generally takes a few tries for the exploit to be successful.
A patch for the Linux vulnerability, CVE-2021-3560, was released on June 3.