polkit exploit script
Automated script for escalating to root using polkit service
- SSH server (this is to avoid having authentication popups through GNOME)
- Vulnerable Linux distribution:
Distribution | Vulnerable? |
---|---|
RHEL 7 | No |
RHEL 8 | Yes |
Fedora 20 (or earlier) | No |
Fedora 21 (or later) | Yes |
Debian 10 (“buster”) | No |
Debian testing (“bullseye”) | Yes |
Ubuntu 18.04 | No |
Ubuntu 20.04 | Yes |
ssh localhost
git clone https://github.com/tyleraharrison/CVE-2021-3560_PoC.git
cd CVE-2021-3560_PoC
./polkitRoot.sh
- Solution to needing to brute-force is poorly written recursion
- Line-endings may need to be changed with
dos2unix polkitRoot.sh
because GitHub changed them to CRLF and Bash does not like that
Tested in Ubuntu 20.04
Reference: https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/