CVE-2021-3560_PoC
polkit exploit script
Automated script for escalating to root using polkit service
Requirements
- SSH server (this is to avoid having authentication popups through GNOME)
- Vulnerable Linux distribution:
| Distribution | Vulnerable? |
|---|---|
| RHEL 7 | No |
| RHEL 8 | Yes |
| Fedora 20 (or earlier) | No |
| Fedora 21 (or later) | Yes |
| Debian 10 (“buster”) | No |
| Debian testing (“bullseye”) | Yes |
| Ubuntu 18.04 | No |
| Ubuntu 20.04 | Yes |
Usage Guide
ssh localhost
git clone https://github.com/tyleraharrison/CVE-2021-3560_PoC.git
cd CVE-2021-3560_PoC
./polkitRoot.shKnown Issues
- Solution to needing to brute-force is poorly written recursion
- Line-endings may need to be changed with
dos2unix polkitRoot.shbecause GitHub changed them to CRLF and Bash does not like that
Tested in Ubuntu 20.04
Reference: https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/