module
Polkit D-Bus Authentication Bypass
| Disclosed |
|---|
| Jun 3, 2021 |
Disclosed
Jun 3, 2021
Description
A vulnerability exists within the polkit system service that can be leveraged by a local, unprivileged
attacker to perform privileged operations. In order to leverage the vulnerability, the attacker invokes a
method over D-Bus and kills the client process. This will occasionally cause the operation to complete without
being subjected to all of the necessary authentication.
The exploit module leverages this to add a new user with a sudo access and a known password. The new account
is then leveraged to execute a payload with root privileges.
attacker to perform privileged operations. In order to leverage the vulnerability, the attacker invokes a
method over D-Bus and kills the client process. This will occasionally cause the operation to complete without
being subjected to all of the necessary authentication.
The exploit module leverages this to add a new user with a sudo access and a known password. The new account
is then leveraged to execute a payload with root privileges.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.