exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 45 RSS Feed

CVE-2021-3560

Status Candidate

Overview

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Related Files

polkit Authentication Bypass
Posted Jun 11, 2023
Authored by Kevin Backhouse, GitHub Security Lab

Proof of concept exploit for an authentication bypass vulnerability in polkit.

tags | exploit, proof of concept, bypass
advisories | CVE-2021-3560
SHA-256 | 458437eef69ad8bf3f51e3b80d608d2052ad08a989fbda8025248aff1d4b2a27
Red Hat Security Advisory 2022-7119-01
Posted Oct 26, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-7119-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon and many client programs and libraries.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-2478, CVE-2021-2479, CVE-2021-2481, CVE-2021-35546, CVE-2021-35575, CVE-2021-35577, CVE-2021-35591, CVE-2021-35596, CVE-2021-35597, CVE-2021-35602, CVE-2021-35604, CVE-2021-35607, CVE-2021-35608, CVE-2021-35610
SHA-256 | 9929457a1f0fdfde3dde76a14383570ae0304a017f7e463a5abadc1debdeb8f3
Red Hat Security Advisory 2022-6518-01
Posted Sep 15, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-6518-01 - MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-2478, CVE-2021-2479, CVE-2021-2481, CVE-2021-35546, CVE-2021-35575, CVE-2021-35577, CVE-2021-35591, CVE-2021-35596, CVE-2021-35597, CVE-2021-35602, CVE-2021-35604, CVE-2021-35607, CVE-2021-35608, CVE-2021-35610
SHA-256 | d9eec42fe708f9d233c951743f92cb2a8dd602a11814b0fcdcf598156c4f5bd1
Red Hat Security Advisory 2022-4818-01
Posted May 31, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-4818-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-2154, CVE-2021-2166, CVE-2021-2372, CVE-2021-2389, CVE-2021-35604, CVE-2021-46657, CVE-2021-46658, CVE-2021-46662, CVE-2021-46666, CVE-2021-46667, CVE-2022-27385
SHA-256 | 0ab816c0409818c434abf2a05a67d1962bc7a39d504eccbe13d907a00d8000f6
Red Hat Security Advisory 2022-1556-01
Posted Apr 27, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1556-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-2154, CVE-2021-2166, CVE-2021-2372, CVE-2021-2389, CVE-2021-35604, CVE-2021-46657, CVE-2021-46658, CVE-2021-46662, CVE-2021-46666, CVE-2021-46667
SHA-256 | f1c69783af1c2a576f6d2fe8a921eca44f3f5f67e8fada605cebecdcdc089e7c
Red Hat Security Advisory 2022-1557-01
Posted Apr 27, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1557-01 - MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-2154, CVE-2021-2166, CVE-2021-2372, CVE-2021-2389, CVE-2021-35604, CVE-2021-46657, CVE-2021-46658, CVE-2021-46662, CVE-2021-46666, CVE-2021-46667
SHA-256 | 3158fc1129575174341c7fa063aa1194c07ab45a783012f0896772de28542d04
Red Hat Security Advisory 2022-1007-01
Posted Mar 23, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1007-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-2154, CVE-2021-2166, CVE-2021-2372, CVE-2021-2389, CVE-2021-35604, CVE-2021-46657, CVE-2021-46662, CVE-2021-46666, CVE-2021-46667
SHA-256 | ce07462a1501c987a2440081205eb708f1ce719bb26e12f1801968793ad136a6
Red Hat Security Advisory 2022-1010-01
Posted Mar 23, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-1010-01 - MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. Issues addressed include an integer overflow vulnerability.

tags | advisory, overflow
systems | linux, redhat
advisories | CVE-2021-2154, CVE-2021-2166, CVE-2021-2372, CVE-2021-2389, CVE-2021-35604, CVE-2021-46657, CVE-2021-46662, CVE-2021-46666, CVE-2021-46667
SHA-256 | e2f0b3d0237280bfe9ca2b4a1b6982996781f17805ce5490fa8e00a1f172e116
Red Hat Security Advisory 2022-0968-01
Posted Mar 21, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0968-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR7-FP5. Issues addressed include deserialization and integer overflow vulnerabilities.

tags | advisory, java, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2021-35550, CVE-2021-35603, CVE-2022-21248, CVE-2022-21293, CVE-2022-21294, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365
SHA-256 | a30212491ea4821b7fde0bcaf4a2db6f6f9a910c995fa137ace8429ca59bce8c
Red Hat Security Advisory 2022-0969-01
Posted Mar 21, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0969-01 - IBM Java SE version 7 Release 1 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 7 to version 7R1 SR5-FP5. Issues addressed include deserialization and integer overflow vulnerabilities.

tags | advisory, java, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2021-35550, CVE-2021-35603, CVE-2022-21248, CVE-2022-21293, CVE-2022-21294, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365
SHA-256 | 884c9441bde958f07d32536259e6bf0dbacffd55c6cd665bf1c4686c67cbedaa
Red Hat Security Advisory 2022-0970-01
Posted Mar 21, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0970-01 - IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR7-FP5. Issues addressed include deserialization and integer overflow vulnerabilities.

tags | advisory, java, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2021-35550, CVE-2021-35603, CVE-2022-21248, CVE-2022-21293, CVE-2022-21294, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365
SHA-256 | 14ad386d2ad8d88c80409f5d366b55521907fbd246e1e98fd96686120632fa70
Debian Security Advisory 5000-2
Posted Dec 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5000-2 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, incorrect Kerberos ticket use, selection of weak ciphers or information disclosure.

tags | advisory, java, denial of service, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35603
SHA-256 | bb28053ed741b4232cf1c304d7a1816d64dc77abf02ef0f7f4318db6ef2a9c3e
Ubuntu Security Notice USN-5202-1
Posted Dec 17, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5202-1 - Varnavas Papaioannou discovered that the FTP client implementation in OpenJDK accepted alternate server IP addresses when connecting with FTP passive mode. An attacker controlling an FTP server that an application connects to could possibly use this to expose sensitive information. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. Markus Loewe discovered that OpenJDK did not properly handle JAR files containing multiple manifest files. An attacker could possibly use this to bypass JAR signature verification. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 21.04. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-2341, CVE-2021-2369, CVE-2021-2388, CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35588, CVE-2021-35603
SHA-256 | 8d16582a2ede922c1e80ae93b16d8afa5e31ee481062df75eef99fc73ebfea3a
Polkit CVE-2021-3560 Overview
Posted Dec 16, 2021
Authored by Julio Cesar Baltazar Sainz

Whitepaper that gives an overview of the Polkit vulnerability as discussed in CVE-2021-3560. Written in Spanish.

tags | paper
advisories | CVE-2021-3560
SHA-256 | a41b8393ce5c22e793b28b10b8d6c72d64b22b0b06202998991ab9e195b4ef1c
Polkit CVE-2021-3560 Research
Posted Dec 10, 2021
Authored by Tanishq Sharma, Shikhar Saxena, Rushil Saxena

This document covers a vulnerability in policy kit (polkit) used on many Linux distributions, which enables an unprivileged local user to get a privileged shell (root) on the system by manually sending dbus messages to the dbus-daemon, then killing the request before it has been fully processed.

tags | exploit, paper, shell, local, root
systems | linux
advisories | CVE-2021-3560
SHA-256 | ff7bcacb2c7403598821beac18efca74a1f7003754707a0f87aff49223d1293a
Ubuntu Security Notice USN-5170-1
Posted Dec 7, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5170-1 - A security issue was discovered in MariaDB and this update includes new upstream MariaDB versions to fix the issue. MariaDB has been updated to 10.3.32 in Ubuntu 20.04 LTS and to 10.5.13 in Ubuntu 21.04 and Ubuntu 21.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-35604
SHA-256 | c65b4e4d27b4a8e5ea69f164428319672c272f4ac6e6ebbfb14fb929181e7895
Polkit Authentication Bypass / Local Privilege Escalation
Posted Nov 29, 2021
Authored by Sudhanshu Kumar, Rohit Verma, Sonam Nagar

This whitepaper provides an overview of a Polkit authentication bypass vulnerability that allows for local privilege escalation.

tags | exploit, paper, local, bypass
advisories | CVE-2021-3560
SHA-256 | 93e86eaad4a245a57200302487bb9941411bfdb877a212d1a63b777283e5ebdb
Debian Security Advisory 5000-1
Posted Nov 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5000-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, incorrect Kerberos ticket use, selection of weak ciphers or information disclosure.

tags | advisory, java, denial of service, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35603
SHA-256 | 0a3dec4f4b03ce1d6e5aa4dfe97b700b072f5d722ad5b2fa1bd46c2ab2cdaa80
Debian Security Advisory 5012-1
Posted Nov 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 5012-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, incorrect Kerberos ticket use, selection of weak ciphers or information disclosure.

tags | advisory, java, denial of service, vulnerability, info disclosure
systems | linux, debian
advisories | CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35603
SHA-256 | e83a47f083050475ac55df11961a83bfb42f62d09d3a5539b65b5db3449929a9
Red Hat Security Advisory 2021-4531-01
Posted Nov 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4531-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for Windows serves as the initial Windows release of OpenJDK 17. For further information, refer to the release notes linked to in the References section.

tags | advisory, java
systems | linux, redhat, windows
advisories | CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35603
SHA-256 | 082e65c3466680b61175b95ae62fefca45ebd9871a01dee85f8faf2d71bbe8db
Red Hat Security Advisory 2021-4532-01
Posted Nov 12, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4532-01 - The OpenJDK 17 packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. This release of the Red Hat build of OpenJDK 17 for portable Linux serves as the initial portable Linux release of OpenJDK 17. For further information, refer to the release notes linked to in the References section.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35603
SHA-256 | 75037d8d382efe0c1ddc771fc434d6b6db41fdce63eb4f8363ef0b0eaec0fd31
Red Hat Security Advisory 2021-4135-01
Posted Nov 10, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4135-01 - The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35603
SHA-256 | 1daf99b268e98fa429d906879b94d9f5cc597d47c6a4ceff9e835f38ecc6d388
Ubuntu Security Notice USN-5123-2
Posted Oct 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5123-2 - USN-5123-1 fixed several vulnerabilities in MySQL. This update provides the corresponding update for Ubuntu 16.04 ESM. Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.27 in Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.36. Various other issues were also addressed.

tags | advisory, vulnerability
systems | linux, ubuntu
advisories | CVE-2021-35604
SHA-256 | 2a953b82c3ee0eb9c18ee313147132497fc7e9b061b741f64020ad8dd3689d8c
Ubuntu Security Notice USN-5123-1
Posted Oct 25, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5123-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.27 in Ubuntu 20.04 LTS, Ubuntu 21.04, and Ubuntu 21.10. Ubuntu 18.04 LTS has been updated to MySQL 5.7.36. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Various other issues were also addressed.

tags | advisory
systems | linux, ubuntu
advisories | CVE-2021-2478, CVE-2021-35575, CVE-2021-35596, CVE-2021-35607, CVE-2021-35613, CVE-2021-35625, CVE-2021-35630, CVE-2021-35634, CVE-2021-35638, CVE-2021-35642, CVE-2021-35646
SHA-256 | 03ef87ee76a564e35d3eada5370139352a5018d39be7a294f3ac57f7b963ce35
Red Hat Security Advisory 2021-3967-01
Posted Oct 25, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-3967-01 - The OpenJDK 11 packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. This release of the Red Hat build of OpenJDK 11 for portable Linux serves as a replacement for the Red Hat build of OpenJDK 11 and includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2021-35550, CVE-2021-35556, CVE-2021-35559, CVE-2021-35561, CVE-2021-35564, CVE-2021-35565, CVE-2021-35567, CVE-2021-35578, CVE-2021-35586, CVE-2021-35603
SHA-256 | f5d8ffd6c68394f199da92fbff992e11b60f132459ad6709a03c0bbfc6514b5b
Page 1 of 2
Back12Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close