mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-13 10:04:45 +02:00
0xMarcio
1.4 KiB
1.4 KiB
CVE-2023-1326
Description
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
POC
Reference
- https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb
- https://ubuntu.com/security/notices/USN-6018-1
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Archan6el/Devvortex-Writeup
- https://github.com/Archan6el/Devvortex-Writeup-HackTheBox
- https://github.com/Pol-Ruiz/CVE-2023-1326
- https://github.com/c0d3cr4f73r/CVE-2023-1326
- https://github.com/diego-tella/CVE-2023-1326-PoC
- https://github.com/jbiniek/cyberpoligon23
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/ssst0n3/ssst0n3