A low-privileged user account on most Linux operating systems with UID
value anything greater than 2147483647 can execute any systemctl command
unauthorizedly. cve-2018-19788
Here I have tested this vulnerability with Debian linux.
To verify the INT_MAX value using below command,
To verify the INT_MAX value using below command,
root@testing:-# getconf INT_MAX
If it shows 2147483647 value, Next create a normal user account with UID greater than INT_MAX. Then login to that account to run any systemctl command without any super user access.
You can get a full interactive root access from that user using "systemd-run" command.
No comments:
Post a Comment