Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 794052 (CVE-2021-3560) - <sys-auth/polkit-0.119: local privilege escalation using polkit_system_bus_name_get_creds_sync() (CVE-2021-3560)
Summary: <sys-auth/polkit-0.119: local privilege escalation using polkit_system_bus_na...
Status: CONFIRMED
Alias: CVE-2021-3560
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://marc.info/?l=oss-security&m=1...
Whiteboard: B1 [glsa+ cleanup cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-06-03 16:07 UTC by Hank Leininger
Modified: 2021-07-13 02:35 UTC (History)
5 users (show)

See Also:
Package list:
sys-auth/polkit-0.119-r2
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hank Leininger 2021-06-03 16:07:11 UTC
From $URL:

"The vulnerability can be reliably used by an unprivileged local attacker
to bypass authorization and escalate permissions up to the root user."

There is a polkit issue URL, https://gitlab.freedesktop.org/polkit/polkit/-/issues/140, but that 404's.

polkit-0.119 was released an hour ago w/a fix.
Comment 1 Sam James archtester gentoo-dev Security 2021-06-03 16:30:43 UTC
Thank you!
Comment 2 Hank Leininger 2021-06-03 16:59:54 UTC
(In reply to Sam James from comment #1)
> Thank you!

Welcome! I beat you for once, 9 times out of 10 when I check on a new vuln you've already created a bug for it ;)
Comment 3 Larry the Git Cow gentoo-dev 2021-06-03 17:57:45 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=24b2771a8a9c131fbe598b9725f3e9e61247f131

commit 24b2771a8a9c131fbe598b9725f3e9e61247f131
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2021-06-03 17:56:58 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2021-06-03 17:57:39 +0000

    sys-auth/polkit: Security bump to version 0.119
    
    Bug: https://bugs.gentoo.org/794052
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 sys-auth/polkit/Manifest            |   1 +
 sys-auth/polkit/polkit-0.119.ebuild | 131 ++++++++++++++++++++++++++++++++++++
 2 files changed, 132 insertions(+)
Comment 4 John Helmert III gentoo-dev Security 2021-06-03 18:26:53 UTC
No, this isn't fixed yet.
Comment 5 Sam James archtester gentoo-dev Security 2021-06-03 19:57:03 UTC
amd64 done
Comment 6 Sam James archtester gentoo-dev Security 2021-06-03 19:57:29 UTC
x86 done
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2021-06-07 07:09:03 UTC
ppc64 stable
Comment 8 NATTkA bot gentoo-dev 2021-06-24 23:28:23 UTC Comment hidden (obsolete)
Comment 9 NATTkA bot gentoo-dev 2021-06-27 02:12:23 UTC Comment hidden (obsolete)
Comment 10 Sam James archtester gentoo-dev Security 2021-07-12 06:37:24 UTC
arm done
Comment 11 Sam James archtester gentoo-dev Security 2021-07-12 21:56:05 UTC
arm64 done

all arches done
Comment 12 John Helmert III gentoo-dev Security 2021-07-13 00:14:30 UTC
Please cleanup.
Comment 13 John Helmert III gentoo-dev Security 2021-07-13 00:16:41 UTC
GLSA request filed.
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2021-07-13 02:33:07 UTC
This issue was resolved and addressed in
 GLSA 202107-31 at https://security.gentoo.org/glsa/202107-31
by GLSA coordinator John Helmert III (ajak).
Comment 15 John Helmert III gentoo-dev Security 2021-07-13 02:35:39 UTC
Reopening for cleanup