admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 11:06:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2023/CVE-2023-1326.md

25 lines
1.3 KiB
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2023-1326](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1326)
![](https://img.shields.io/static/v1?label=Product&message=Apport&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%3D%202.26.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-269&color=brighgreen)
### Description
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
### POC
#### Reference
- https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Archan6el/Devvortex-Writeup
- https://github.com/Archan6el/Devvortex-Writeup-HackTheBox
- https://github.com/Pol-Ruiz/CVE-2023-1326
- https://github.com/diego-tella/CVE-2023-1326-PoC
- https://github.com/jbiniek/cyberpoligon23
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/ssst0n3/ssst0n3
Reference in New Issue Copy Permalink