CVE-2021-3560 - log

CVE-2021-3560 edited at 11 Jun 2021 09:57:59
References
https://www.openwall.com/lists/oss-security/2021/06/03/1
https://bugzilla.redhat.com/show_bug.cgi?id=1961710
+ https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81
CVE-2021-3560 edited at 03 Jun 2021 15:00:26
References
+ https://www.openwall.com/lists/oss-security/2021/06/03/1
https://bugzilla.redhat.com/show_bug.cgi?id=1961710
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81
CVE-2021-3560 edited at 03 Jun 2021 14:35:15
References
https://bugzilla.redhat.com/show_bug.cgi?id=1961710
- https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13a
+ https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13affe0fa53ff618e07aa8f57f4c0e3b9b81
CVE-2021-3560 edited at 03 Jun 2021 14:27:23
References
https://bugzilla.redhat.com/show_bug.cgi?id=1961710
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13a
- https://gitlab.freedesktop.org/polkit/polkit/-/issues/140
CVE-2021-3560 edited at 03 Jun 2021 14:20:21
References
https://bugzilla.redhat.com/show_bug.cgi?id=1961710
+ https://gitlab.freedesktop.org/polkit/polkit/-/commit/a04d13a
+ https://gitlab.freedesktop.org/polkit/polkit/-/issues/140
CVE-2021-3560 edited at 03 Jun 2021 08:38:36
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Privilege escalation
Description
+ A security issue was found in polkit before version 0.119. When a requesting process disconnects from dbus-daemon just before the call to polkit_system_bus_name_get_creds_sync starts, the process cannot get a unique uid and pid of the process and it cannot verify the privileges of the requesting process.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1961710
Notes
CVE-2021-3560 created at 03 Jun 2021 08:35:54