Thursday, 13 December 2018

Low-privileged user with UID greater than INT_MAX can run any command in Linux

A low-privileged user account on most Linux operating systems with UID value anything greater than 2147483647 can execute any systemctl command unauthorizedly. cve-2018-19788
Here I have tested this vulnerability with Debian linux.

To verify the INT_MAX value using below command,

root@testing:-# getconf INT_MAX

If it shows 2147483647 value, Next create a normal user account with UID greater than INT_MAX. Then login to that account to run any systemctl command without any super user access.

You can get  a full interactive root access from that user using "systemd-run" command.



No comments:

Post a Comment