Nasty Linux systemd Root Level Security Bug Revealed and Patched

by
janrinok
from SoylentNews on (#5K6C9)

upstart writes:

Nasty Linux systemd root level security bug revealed and patched:

This obnoxious Linux systemd bug has been fixed, which means if you're running most recent Linux distributions, you'll need to patch it now.

The good news is the seven-year-old security bug in Linux systemd's polkit, used in many Linux distros, has been patched. The bad news is that it was ever there in the first place. Polkit, which systemd uses in place of sudo, enables unauthorized users to run privileged processes they'd otherwise couldn't run. It turned out that you could also abuse polkit to get root access to a system.

The power to grab root privileges is the ultimate evil in Unix and Linux systems. Kevin Backhouse, a member of the GitHub Security Lab, found the polkit security hole in the course of his duties. He revealed it to the polkit maintainers and Red Hat's security team. Then, when a fix was released on June 3, 2021, it was publicly disclosed as CVE-2021-3560.

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments