A seven-year-old Linux local privilege escalation bug has reared its head and finally gotten a fix. Before the patch, exploiting the vulnerability in the polkit authentication service could have allowed attackers to get a root shell on several actively used Linux distros, including RHEL 8, Fedora 21 or later, and Ubuntu 20.04. Patch now!
On Linux, polkit is effectively a bouncer of sorts that decides whether a user is allowed to do something that requires higher privileges. Discovered by security researcher Kevin Backhouse, the polkit bug that lets users bypass this check was introduced in a commit that shipped with version 0.113 of the service over seven years ago.
Exploitation takes only a few terminal commands, which create a user that is a member of the sudo group. Because it is easy to carry out and the “highest threat from this vulnerability is to data confidentiality and integrity as well as system availability,” Red Hat has rated the CVE at 7.8 on the 10-point scale. You can see what exploiting this would look like in the proof-of-concept video above, created by Kevin Backhouse on GitHub’s YouTube channel.