Lucene search
Iyaad Luqman KPACKETSTORM:174130HistoryAug 11, 2023 - 12:00 a.m.
systemd 246 Local Root Privilege Escalation
2023-08-1100:00:00
Iyaad Luqman K
packetstormsecurity.com
272
systemd vulnerability privilegeescalation
EPSS
0.001
Percentile
17.0%
`# Exploit Title: systemd 246 - Local Privilege Escalation
# Exploit Author: Iyaad Luqman K (init_6)
# Application: systemd 246
# Tested on: Ubuntu 22.04
# CVE: CVE-2023-26604
systemd 246 was discovered to contain Privilege Escalation vulnerability, when the `systemctl status` command can be run as root user.
This vulnerability allows a local attacker to gain root privileges.
## Proof Of Concept:
1. Run the systemctl command which can be run as root user.
sudo /usr/bin/systemctl status any_service
2. The ouput is opened in a pager (less) which allows us to execute arbitrary commands.
3. Type in `!/bin/sh` in the pager to spawn a shell as root user.
`
Related
cbl_mariner
cbl_mariner
CVE-2023-26604 affecting package systemd 239-43
2023-04-20 19:17:28
nessus
nessus
AlmaLinux 8 : systemd (ALSA-2023:3837)
2023-06-30 00:00:00
Rocky Linux 8 : systemd (RLSA-2023:3837)
2023-08-31 00:00:00
EulerOS Virtualization 2.10.0 : systemd (EulerOS-SA-2023-2495)
2023-07-28 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2024-1707)
2024-05-17 00:00:00
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2023-2495)
2023-07-31 00:00:00
Huawei EulerOS: Security Advisory for systemd (EulerOS-SA-2023-2470)
2023-07-31 00:00:00
veracode
veracode
Privilege Escalation
2023-03-09 21:02:25
nvd
nvd
CVE-2023-26604
2023-03-03 16:15:10
CVE-2023-1326
2023-04-13 23:15:07
osv
osv
Moderate: systemd security and bug fix update
2023-08-31 16:54:20
Moderate: systemd security and bug fix update
2023-06-27 00:00:00
systemd - security update
2023-03-31 00:00:00
ibm
ibm
oraclelinux
oraclelinux
systemd security and bug fix update
2023-07-20 00:00:00
ubuntucve
ubuntucve
CVE-2023-26604
2023-03-03 00:00:00
CVE-2023-1326
2023-04-13 00:00:00
debian
debian
[SECURITY] [DLA 3377-1] systemd security update
2023-03-31 20:56:09
debiancve
debiancve
CVE-2023-26604
2023-03-03 16:15:10
redhat
redhat
(RHSA-2023:3837) Moderate: systemd security and bug fix update
2023-06-27 13:35:46
(RHSA-2024:1105) Moderate: systemd security update
2024-03-05 10:44:55
(RHSA-2023:4276) Moderate: DevWorkspace Operator Security Update
2023-07-25 18:29:37
cvelist
cvelist
CVE-2023-26604
2023-03-03 00:00:00
CVE-2023-1326 local privilege escalation in apport-cli
2023-04-13 22:35:19
zdt
zdt
systemd 246 - Local Privilege Escalation Vulnerability
2023-08-10 00:00:00
exploitdb
exploitdb
systemd 246 - Local Privilege Escalation
2023-08-10 00:00:00
rocky
rocky
systemd security and bug fix update
2023-08-31 16:54:20
prion
prion
Design/Logic Flaw
2023-03-03 16:15:00
Privilege escalation
2023-04-13 23:15:00
amazon
amazon
Important: systemd
2023-03-30 18:55:00
redhatcve
redhatcve
CVE-2023-26604
2023-03-06 06:59:19
cve
cve
CVE-2023-26604
2023-03-03 16:15:10
CVE-2023-1326
2023-04-13 23:15:07
almalinux
almalinux
Moderate: systemd security and bug fix update
2023-06-27 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2459
2024-07-31 09:46:11
redos
redos
ROS-20240425-05
2024-04-25 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00