Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2021:2238

Опубликовано: 03 июн. 2021
Источник: rocky
Оценка: Important

Описание

Important: polkit security update

The polkit packages provide a component for controlling system-wide privileges. This component provides a uniform and organized way for non-privileged processes to communicate with privileged ones.

Security Fix(es):

  • polkit: local privilege escalation using polkit_system_bus_name_get_creds_sync() (CVE-2021-3560)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
polkit-docsnoarch11.el8_4.1polkit-docs-0.115-11.el8_4.1.noarch.rpm
polkit-develi68611.el8_4.1polkit-devel-0.115-11.el8_4.1.i686.rpm
polkit-develx86_6411.el8_4.1polkit-devel-0.115-11.el8_4.1.x86_64.rpm
polkit-libsx86_6411.el8_4.1polkit-libs-0.115-11.el8_4.1.x86_64.rpm
polkit-libsi68611.el8_4.1polkit-libs-0.115-11.el8_4.1.i686.rpm
polkitx86_6411.el8_4.1polkit-0.115-11.el8_4.1.x86_64.rpm

Показывать по

Связанные CVE

CVE-2021-3560

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2021-3560

CVSS3: 7.8
ubuntu
почти 4 года назад

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

redhat логотип

CVE-2021-3560

CVSS3: 7.8
redhat
больше 4 лет назад

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

nvd логотип

CVE-2021-3560

CVSS3: 7.8
nvd
почти 4 года назад

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

msrc логотип

CVE-2021-3560

CVSS3: 7.8
msrc
почти 4 года назад

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to for example create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

debian логотип

CVE-2021-3560

CVSS3: 7.8
debian
почти 4 года назад

It was found that polkit could be tricked into bypassing the credentia ...