Exploit Report

Computer Security And Bug Information

CVE-2023-26604

CVE: CVE-2023-26604
CVE Title
Published Date: 2023-03-03T16:15Z
Modified Date: 2023-03-10T14:08Z
CWE Type: NVD-CWE-noinfo
CVSS 3.x: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description: systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
References
Reference (MISC): https://medium.com/@zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7
Reference (MISC): https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340
Reference (MISC): https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/
Tags: Exploit, Third Party Advisory
Sources: NIST, MITRE
