A vulnerability in the polkit system service can be leveraged by a local, unprivileged attacker to perform privileged operations. To leverage the vulnerability, the attacker invokes a method over D-Bus and kills the client process. This will occasionally cause the operation to complete without being subjected to all of the necessary authentication. The exploit module leverages this to add a new user with sudo access and a known password. The new account is then used to execute a payload with root privileges.
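Because the module's end state is a new local account with sudo access, one host-side check is to compare sudo-capable accounts against a known-good baseline. The following is an added example, not code from the exploit module or from polkit; the admin group names, the baseline and the sample file contents are assumptions constructed for illustration.

```python
# Added example: flag accounts with sudo-capable group membership that are
# absent from a known-good baseline. All sample data below is constructed.

ADMIN_GROUPS = {"sudo", "wheel"}  # assumption: groups granted sudo on this host


def parse_colon_file(text):
    """Split passwd/group style content into field lists, skipping blanks/comments."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            rows.append(line.split(":"))
    return rows


def find_unexpected_admins(passwd_text, group_text, baseline, admin_groups=ADMIN_GROUPS):
    """Return sorted account names in an admin group but not in the baseline."""
    admin_gids, members = set(), set()
    for row in parse_colon_file(group_text):
        if len(row) >= 4 and row[0] in admin_groups:
            admin_gids.add(row[2])
            members.update(m for m in row[3].split(",") if m)
    # Primary-group membership is recorded only in passwd, not in the group member list.
    for row in parse_colon_file(passwd_text):
        if len(row) >= 4 and row[3] in admin_gids:
            members.add(row[0])
    return sorted(members - set(baseline))


# Constructed sample contents in /etc/passwd and /etc/group format.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
svc-backup:x:1001:27:Backup:/home/svc-backup:/bin/sh
newacct:x:1002:1002::/home/newacct:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice,newacct
alice:x:1000:
newacct:x:1002:
"""

if __name__ == "__main__":
    for name in find_unexpected_admins(SAMPLE_PASSWD, SAMPLE_GROUP, baseline={"alice"}):
        print("unexpected sudo-capable account:", name)
```

On a live host, pass the contents of `/etc/passwd` and `/etc/group` and a baseline taken from configuration management.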