Unprivileged attackers can obtain a root shell by exploiting an authentication bypass vulnerability in the polkit system service that is installed by default on many modern Linux distributions.
The polkit local privilege escalation bug (tracked as CVE-2021-3560) was publicly disclosed, and a patch was released, on June 3, 2021.
It was introduced seven years ago in version 0.113 and was recently discovered by GitHub Security Lab researcher Kevin Backhouse.
Although many Linux distributions did not ship the vulnerable polkit version until recently, any Linux system with polkit 0.113 or later installed is exposed to attacks.
The list of vulnerable distributions announced by Backhouse includes popular distros such as RHEL 8, Fedora 21 (or later), and Ubuntu 20.04, as well as unstable versions such as Debian testing ("bullseye").
Exploiting the vulnerability is surprisingly easy: it takes only a few terminal commands using standard tools like bash, kill and dbus-send. Backhouse also provided a video demo.
The researcher says the vulnerability is "very simple and fast to exploit, so it's important to update your Linux installation as soon as possible."
Technical details about polkit's architecture and how the vulnerability is exploited are provided by the security researcher in a blog post.
Source of information: bleepingcomputer.com