CVE-2021-3560: Red Hat Polkit Incorrect Authorization Vulnerability
First published: Tue May 18 2021(Updated: )
Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/polkit | <0:0.115-11.el8_4.1 | 0:0.115-11.el8_4.1 |
| redhat/polkit | <0:0.115-9.el8_1.1 | 0:0.115-9.el8_1.1 |
| redhat/polkit | <0:0.115-11.el8_2.1 | 0:0.115-11.el8_2.1 |
| redhat/cri-o | <0:1.20.3-6.rhaos4.7.git0d0f863.el8 | 0:1.20.3-6.rhaos4.7.git0d0f863.el8 |
| redhat/dhcp | <12:4.3.6-41.el8_3.1 | 12:4.3.6-41.el8_3.1 |
| redhat/openshift-clients | <0:4.7.0-202106252127.p0.git.8b4b094.el7 | 0:4.7.0-202106252127.p0.git.8b4b094.el7 |
| redhat/openshift-kuryr | <0:4.7.0-202106232224.p0.git.c7654fb.el8 | 0:4.7.0-202106232224.p0.git.c7654fb.el8 |
| redhat/polkit | <0:0.115-11.el8_3.2 | 0:0.115-11.el8_3.2 |
| redhat/redhat-virtualization-host | <0:4.4.6-20210615.0.el8_4 | 0:4.4.6-20210615.0.el8_4 |
| Polkit Project Polkit | <0.119 | |
| Debian Debian Linux | =11.0 | |
| Canonical Ubuntu Linux | =20.04 | |
| Redhat Virtualization | =4.0 | |
| Redhat Virtualization Host | =4.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Redhat Openshift Container Platform | =4.7 | |
| Redhat Enterprise Linux | =7.0 | |
| All of | ||
| Any of | ||
| Redhat Virtualization | =4.0 | |
| Redhat Virtualization Host | =4.0 | |
| Redhat Enterprise Linux | =8.0 | |
| All of | ||
| Redhat Openshift Container Platform | =4.7 | |
| Any of | ||
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux | =8.0 | |
| Red Hat Polkit | ||
| redhat/polkit | <0.119 | 0.119 |
| <0.119 | ||
| =11.0 | ||
| =20.04 | ||
| All of | ||
| Any of | ||
| =4.0 | ||
| =4.0 | ||
| =8.0 | ||
| All of | ||
| =4.7 | ||
| Any of | ||
| =7.0 | ||
| =8.0 |
Remedy
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2021-3560 https://nvd.nist.gov/vuln/detail/CVE-2021-3560 https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
- https://bugzilla.redhat.com/show_bug.cgi?id=1961710
- https://access.redhat.com/errata/RHSA-2021:2238
- https://access.redhat.com/errata/RHSA-2021:2236
- https://access.redhat.com/errata/RHSA-2021:2237
- https://access.redhat.com/errata/RHSA-2021:2555
- https://access.redhat.com/errata/RHSA-2021:2522
- https://access.redhat.com/security/cve/cve-2021-3560
- http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html
- https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
- http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1967424
- https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81
- https://gitlab.freedesktop.org/polkit/polkit/-/issues/140
- https://bugzilla.redhat.com/show_bug.cgi?id=1961710;
- https://nvd.nist.gov/vuln/detail/CVE-2021-3560
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is CVE-2021-3560?
CVE-2021-3560 is a vulnerability in Red Hat Polkit that allows unprivileged local attackers to bypass credential checks and elevate their privileges.
How does CVE-2021-3560 impact Red Hat Polkit?
CVE-2021-3560 allows unprivileged local attackers to bypass credential checks and gain root access, potentially allowing them to create a new local administrator.
What is the severity of CVE-2021-3560?
The severity of CVE-2021-3560 is high, with a CVSS score of 7.8.
How can I fix CVE-2021-3560?
To fix CVE-2021-3560, users should update Red Hat Polkit to version 0.119 or apply the appropriate security patch provided by Red Hat.
Where can I find more information about CVE-2021-3560?
For more information about CVE-2021-3560, you can refer to the following resources: [Bugzilla - CVE-2021-3560](https://bugzilla.redhat.com/show_bug.cgi?id=1961710), [Bugzilla - CVE-2021-3560](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1967424), [Red Hat Security Advisory - RHSA-2021:2236](https://access.redhat.com/errata/RHSA-2021:2236)
- collector/redhat-cve
- agent/type
- agent/weakness
- agent/first-publish-date
- agent/severity
- agent/remedy
- agent/title
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2021-3560
- agent/references
- agent/tags
- collector/nvd-cve
- agent/softwarecombine
- agent/event
- package-manager/redhat
- vendor/polkit project
- canonical/polkit project polkit
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/11.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/20.04
- vendor/redhat
- canonical/redhat virtualization
- version/redhat virtualization/4.0
- canonical/redhat virtualization host
- version/redhat virtualization host/4.0
- canonical/redhat enterprise linux
- version/redhat enterprise linux/8.0
- canonical/redhat openshift container platform
- version/redhat openshift container platform/4.7
- version/redhat enterprise linux/7.0
- vendor/red hat
- canonical/red hat polkit