A seven-year-old privilege escalation vulnerability that's been lurking in several Linux distributions was patched last week in a coordinated disclosure.
In a blog post on Thursday, GitHub security researcher Kevin Backhouse recounted how he found the bug (CVE-2021-3560) in a service called polkit associated with systemd, a common Linux system and service manager component.
Introduced in commit bfa5036 seven years ago and initially shipped in polkit version 0.113, the bug traveled different paths in different Linux distributions. For example, it missed Debian 10 but it made it to the seven linux service polkit patched
![[Bug 256545] securuty/ossec-hids-server 3.6.0_1 rc script fails to generate ossec.conf agent.conf](upload/sources/90591557817151.jpg)
