Linux local privilege escalation using authentication bypass vulnerability in polkit CVE-2021-3560

Kevin Backhouse walks through a vulnerability in polkit, a widely used system service, here in Ubuntu 20.04, but also used in other distributions such as Fedora and RHEL 8. Using a combination of dbus-send, sleep, and kill, Kevin gets a root shell.

For an in-depth discussion of this vulnerability:
https://github.blog/2021-06-10-privil...

• #science_technology
• #software_vulnerability
• #linux
• #policykit
• #devops
• #polkit
• #change_polkit
• #polkit_vulnerability
• #how_to_polkit
• #how_to_change_polkit