Nasty Linux systemd root level security bug revealed and patched
https://www.zdnet.com/article/nasty-lin ... d-patched/
Anyone heard about this? I would guess that DC hosts aren't likely to be vulnerable.
Re: Nasty Linux systemd root level security bug revealed and patched
Shit, I need to update the site server. No laptop so it'll have to wait till I get home.
Re: Nasty Linux systemd root level security bug revealed and patched
Debian:
unstable (sid) and testing (bullseye) were affected
10 (buster) and 9 (stretch) are not affected
Ubuntu:
21.04, 20.10, 20.04 were affected
18.04, 16.04, 14.04 are not affected
Red Hat:
Fedora, RHEL 8.2, 8.1, 8 were affected
A scientific application which you downloaded e.g. via boinc, then execute as an unprivileged user such as the boinc user, could elevate its privileges to root if it contained respective malicious code.
Re: Nasty Linux systemd root level security bug revealed and patched
Debian 10 isn't affected? Then no worries here since we're running 10.9 on the server.
Re: Nasty Linux systemd root level security bug revealed and patched
Debian 10 hosts should have polkit 0.105-25 installed. Debian introduced the upstream bug via a backport into 0.105-26. That's why only unstable and testing were affected. (They are now fixed with polkit 0.105-31. Which you don't need if you have 0.105-25 or older.)
Re: Nasty Linux systemd root level security bug revealed and patched
I can't figure out how to implement the fix, nor even how to get meaningful version info out of my hosts. pkcheck --version returns only "0.105".
Re: Nasty Linux systemd root level security bug revealed and patched
Here's a download page for polkit:
https://www.freedesktop.org/software/polkit/releases/
Now I need to figure out how to "make" it go.
- biodoc
Re: Nasty Linux systemd root level security bug revealed and patched
It appears to me it's already been fixed with a patch on my systems.
Open up synaptic package manager, search for polkit and then get changelog for the package you are interested in checking.
Code:
policykit-1 (0.105-26ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: local privilege escalation using
    polkit_system_bus_name_get_creds_sync()
    - debian/patches/CVE-2021-3560.patch: use proper return code in
      src/polkit/polkitsystembusname.c.
    - CVE-2021-3560

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 26 May 2021 07:50:16 -0400
Re: Nasty Linux systemd root level security bug revealed and patched
Thanks, biodoc! I went ahead and updated all my rigs after the PrimeGrid challenge ended, and it looks to me like the patch was included in those updates. Seems there should be a quick and easy way to get the pertinent info from a command prompt, though.
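Added example, not written by any poster in this thread: a command-line version of the changelog check described above, reporting the installed package version and whether its changelog records the CVE-2021-3560 fix. It assumes a dpkg-based host and the standard Debian changelog path; the function names and the second sample stanza are constructed for illustration.

```shell
#!/bin/sh
# Print the version of every stanza in a Debian-format changelog (stdin)
# that mentions the given CVE id. Exit status 1 if no stanza mentions it.
cve_fix_versions() {
    awk -v cve="$1" '
        # Stanza header: "package (version) distribution; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \(.*\) / { ver = $2; gsub(/[()]/, "", ver); next }
        index($0, cve) && ver != "" && !(ver in seen) { seen[ver] = 1; print ver; found = 1 }
        END { exit !found }
    '
}

# Live check. Assumptions: dpkg-query is available and the changelog sits at
# /usr/share/doc/<package>/changelog.Debian.gz; package name as in the thread.
check_installed() {
    pkg="${1:-policykit-1}"
    log="/usr/share/doc/$pkg/changelog.Debian.gz"
    command -v dpkg-query >/dev/null 2>&1 || { echo "dpkg-query not found"; return 2; }
    ver=$(dpkg-query -W -f='${Version}' "$pkg" 2>/dev/null) || { echo "$pkg not installed"; return 2; }
    echo "installed: $pkg $ver"
    [ -r "$log" ] || { echo "no readable changelog at $log"; return 2; }
    if fixed=$(gzip -dc "$log" | cve_fix_versions CVE-2021-3560); then
        echo "changelog records the CVE-2021-3560 fix in: $fixed"
    else
        # Absence is ambiguous: per the thread, 0.105-25 and older never had the bug.
        echo "changelog does not mention CVE-2021-3560 (unpatched, or never affected)"
        return 1
    fi
}

# Constructed sample: first stanza copied from the post above, second invented.
sample_changelog() {
cat <<'EOF'
policykit-1 (0.105-26ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: local privilege escalation using
    polkit_system_bus_name_get_creds_sync()
    - debian/patches/CVE-2021-3560.patch: use proper return code in
      src/polkit/polkitsystembusname.c.
    - CVE-2021-3560

policykit-1 (0.0-0constructed1) focal; urgency=medium

  * Constructed older entry with no CVE reference.
EOF
}

sample_changelog | cve_fix_versions CVE-2021-3560   # → 0.105-26ubuntu1.1
check_installed || true
```

Unlike `pkcheck --version`, `dpkg-query` reports the full packaged version including the distribution revision, which is the part that distinguishes a patched build from an unpatched one.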