CVE-2021-3560_PoC

polkit exploit script

Automated script for escalating to root using polkit service

Requirements

SSH server (this is to avoid having authentication popups through GNOME)
Vulnerable Linux distribution:

Distribution	Vulnerable?
RHEL 7	No
RHEL 8	Yes
Fedora 20 (or earlier)	No
Fedora 21 (or later)	Yes
Debian 10 (“buster”)	No
Debian testing (“bullseye”)	Yes
Ubuntu 18.04	No
Ubuntu 20.04	Yes

Usage Guide

ssh localhost
git clone https://github.com/tyleraharrison/CVE-2021-3560_PoC.git
cd CVE-2021-3560_PoC
./polkitRoot.sh

Known Issues

Solution to needing to brute-force is poorly written recursion
Line-endings may need to be changed with dos2unix polkitRoot.sh because GitHub changed them to CRLF and Bash does not like that

Tested in Ubuntu 20.04

Reference: https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
README.md		README.md
polkitRoot.sh		polkitRoot.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

README.md

README.md

polkitRoot.sh

polkitRoot.sh

Repository files navigation

CVE-2021-3560_PoC

Requirements

Usage Guide

Known Issues

About

Releases

Packages

Languages

iSTAR-Lab/CVE-2021-3560_PoC

Folders and files

Latest commit

History

README.md

README.md

polkitRoot.sh

polkitRoot.sh

Repository files navigation

CVE-2021-3560_PoC

Requirements

Usage Guide

Known Issues

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages