CVE-2017-9232
published 2017-05-28CVE-2017-9232: Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege…
PriorityP270critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
48.50%
98.7th percentile
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | juju | <= 1.25.12 | — |
| canonical | juju | — | — |
| canonical | juju | — | — |
| canonical | juju | — | — |
| canonical | juju | — | — |
| canonical | juju | — | — |
| canonical | juju | — | — |
| canonical | juju | — | — |
| github.com | juju_juju | >= 0 < 0.0.0-20170524231039-0417178a3c28 | 0.0.0-20170524231039-0417178a3c28 |
Detection & IOCsextracted from sources · hover to see the quote
- →Check for world-accessible UNIX domain sockets associated with juju-run agent units; exploitation involves connecting to an unprotected socket to execute commands as root. ↗
- →Monitor for unexpected execution of juju-run by non-root, non-juju users, particularly when followed by privilege escalation to root (uid=0). ↗
- →Watch for random-named hidden executables (dot-prefixed alphanumeric filenames) dropped into writable directories such as /tmp and subsequently executed — a pattern used by the Metasploit exploit module for payload staging. ↗
- →Audit Juju unit log files in /var/log/juju/ for enumeration activity; the exploit enumerates unit names by parsing log filenames to identify privileged sockets. ↗
- ·Vulnerable Juju versions are 1.x before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3; the exploit was confirmed on agent tool versions 1.18.4, 1.25.5, and 1.25.9 on Ubuntu 14.04.1 LTS. ↗
- ·Exploitation requires an existing local (unprivileged) session on the target system; this is a local privilege escalation, not a remote code execution vulnerability. ↗
- ·A valid Juju unit must be present and discoverable on the system for exploitation to succeed; the module fails if no privileged socket unit is found. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Juju uses a UNIX domain socket without setting appropriate permissions in github.com/juju/juju
osv·2025-04-24
CVE-2017-9232 Juju uses a UNIX domain socket without setting appropriate permissions in github.com/juju/juju
Juju uses a UNIX domain socket without setting appropriate permissions in github.com/juju/juju
Juju uses a UNIX domain socket without setting appropriate permissions in github.com/juju/juju
GHSA
Juju uses a UNIX domain socket without setting appropriate permissions
ghsa·2022-05-13
CVE-2017-9232 [CRITICAL] CWE-862 Juju uses a UNIX domain socket without setting appropriate permissions
Juju uses a UNIX domain socket without setting appropriate permissions
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.
OSV
Juju uses a UNIX domain socket without setting appropriate permissions
osv·2022-05-13
CVE-2017-9232 [CRITICAL] Juju uses a UNIX domain socket without setting appropriate permissions
Juju uses a UNIX domain socket without setting appropriate permissions
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.
OSV
CVE-2017-9232: Juju before 1
osv·2017-05-26·CVSS 9.8
CVE-2017-9232 [CRITICAL] CVE-2017-9232: Juju before 1
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.
Ubuntu
juju-core vulnerability
vendor_ubuntu·2017-05-26
CVE-2017-9232 juju-core vulnerability
Title: juju-core vulnerability
Summary: The system could be made to run programs as an administrator.
Ryan Beisner discovered juju did not set permissions on a Unix domain
socket. A local attacker could use this flaw to gain administrative
privileges.
Instructions: After a standard system update you need to restart juju-core to make
all the necessary changes.
No detection rules found.
Exploit-DB
Juju-run Agent - Privilege Escalation (Metasploit)
exploitdb·2018-02-12
CVE-2017-9232 Juju-run Agent - Privilege Escalation (Metasploit)
Juju-run Agent - Privilege Escalation (Metasploit)
---
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule 'Juju-run Agent Privilege Escalation',
'Description' => %q{
This module attempts to gain root privileges on Juju agent systems
running the juju-run agent utility.
Juju agent systems running agent tools prior to version 1.25.12,
2.0.x before 2.0.4, and 2.1.x before 2.1.3, provide a UNIX domain socket
to manage software ("units") without setting appropriate permissions,
allowing unprivileged local users to execute arbitrary commands as root.
This module has been tested successfully with Juju agent tools versions
1.18.4, 1.25.5 and 1.25.9 on Ubuntu 14.04.1 LTS x86 deployed by
Metasploit
Juju-run Agent Privilege Escalation
metasploit
Juju-run Agent Privilege Escalation
Juju-run Agent Privilege Escalation
This module attempts to gain root privileges on Juju agent systems running the juju-run agent utility. Juju agent systems running agent tools prior to version 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3, provide a UNIX domain socket to manage software ("units") without setting appropriate permissions, allowing unprivileged local users to execute arbitrary commands as root. This module has been tested successfully with Juju agent tools versions 1.18.4, 1.25.5 and 1.25.9 on Ubuntu 14.04.1 LTS x86 deployed by Juju 1.18.1-trusty-amd64 and 1.25.6-trusty-amd64 on Ubuntu 14.04.1 LTS x86_64.
No writeups or analysis indexed.
2017-05-28
Published