Lucene search
Iyaad Luqman KEDB-ID:51674HistoryAug 10, 2023 - 12:00 a.m.
systemd 246 - Local Privilege Escalation
2023-08-1000:00:00
Iyaad Luqman K
www.exploit-db.com
376
systemd systemd_246 privilege_escalation vulnerability local_attacker root_privileges cve-2023-26604 ubuntu_22.04 systemctl_status arbitrary_commands.
0.0005 Low
EPSS
Percentile
17.2%
# Exploit Title: systemd 246 - Local Privilege Escalation
# Exploit Author: Iyaad Luqman K (init_6)
# Application: systemd 246
# Tested on: Ubuntu 22.04
# CVE: CVE-2023-26604
systemd 246 was discovered to contain Privilege Escalation vulnerability, when the `systemctl status` command can be run as root user.
This vulnerability allows a local attacker to gain root privileges.
## Proof Of Concept:
1. Run the systemctl command which can be run as root user.
sudo /usr/bin/systemctl status any_service
2. The ouput is opened in a pager (less) which allows us to execute arbitrary commands.
3. Type in `!/bin/sh` in the pager to spawn a shell as root user.Related
nessus
nessus
Rocky Linux 8 : systemd (RLSA-2023:3837)
2023-08-31 00:00:00
Oracle Linux 8 : systemd (ELSA-2023-3837)
2023-07-20 00:00:00
AlmaLinux 8 : systemd (ALSA-2023:3837)
2023-06-30 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-26604 affecting package systemd 239-43
2023-04-20 19:17:28
openvas
openvas
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2024-1707)
2024-05-17 00:00:00
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2023-2470)
2023-07-31 00:00:00
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2023-2495)
2023-07-31 00:00:00
nvd
nvd
CVE-2023-26604
2023-03-03 16:15:10
CVE-2023-1326
2023-04-13 23:15:07
veracode
veracode
Privilege Escalation
2023-03-09 21:02:25
redhat
redhat
(RHSA-2023:3837) Moderate: systemd security and bug fix update
2023-06-27 13:35:46
(RHSA-2024:1105) Moderate: systemd security update
2024-03-05 10:44:55
(RHSA-2023:4276) Moderate: DevWorkspace Operator Security Update
2023-07-25 18:29:37
debian
debian
[SECURITY] [DLA 3377-1] systemd security update
2023-03-31 20:56:09
osv
osv
Moderate: systemd security and bug fix update
2023-06-27 00:00:00
Moderate: systemd security and bug fix update
2023-08-31 16:54:20
systemd - security update
2023-03-31 00:00:00
debiancve
debiancve
CVE-2023-26604
2023-03-03 16:15:10
cvelist
cvelist
CVE-2023-26604
2023-03-03 00:00:00
CVE-2023-1326 local privilege escalation in apport-cli
2023-04-13 22:35:19
zdt
zdt
systemd 246 - Local Privilege Escalation Vulnerability
2023-08-10 00:00:00
ubuntucve
ubuntucve
CVE-2023-26604
2023-03-03 00:00:00
CVE-2023-1326
2023-04-13 00:00:00
oraclelinux
oraclelinux
systemd security and bug fix update
2023-07-20 00:00:00
ibm
ibm
redhatcve
redhatcve
CVE-2023-26604
2023-03-06 06:59:19
prion
prion
Design/Logic Flaw
2023-03-03 16:15:00
Privilege escalation
2023-04-13 23:15:00
almalinux
almalinux
Moderate: systemd security and bug fix update
2023-06-27 00:00:00
cve
cve
CVE-2023-26604
2023-03-03 16:15:10
CVE-2023-1326
2023-04-13 23:15:07
amazon
amazon
Important: systemd
2023-03-30 18:55:00
packetstorm
packetstorm
systemd 246 Local Root Privilege Escalation
2023-08-11 00:00:00
rocky
rocky
systemd security and bug fix update
2023-08-31 16:54:20
redos
redos
ROS-20240425-05
2024-04-25 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00